Rockwell Automation FactoryTalk View SE
CVE-2020-12031

7.5HIGH

Key Information:

Vendor: Rockwell Automation
Status: Factorytalk View Se
Vendor: CVE Published:; 20 July 2020

Summary

In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for arbitrary code execution. Rockwell Automation recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.

Affected Version(s)

FactoryTalk View SE all versions

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05

x_refsource_MISC

https://rockwellautomation.custhelp.com/app/answers/detai...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 20, 2020
Vulnerability Reserved
Apr 21, 2020

Credit

Trend Micro’s Zero Day Initiative reported these vulnerabilities to Rockwell Automation