Local Credential Exposure in Windows Logon due to Memory Weakness
CVE-2020-14480

5.5MEDIUM

Key Information:

Vendor: Rockwell Automation
Status: Factorytalk View Se
Vendor: CVE Published:; 24 February 2022

Summary

A significant vulnerability exists due to usernames and passwords being stored in plaintext within Random Access Memory (RAM). This weakness could allow a local, authenticated attacker to access sensitive credentials, including those required for Windows Logon, potentially compromising the security of the affected systems.

Affected Version(s)

FactoryTalk View SE <= 9.0

FactoryTalk View SE 10.0

References

https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 24, 2022
Vulnerability Reserved
Jun 19, 2020