Insecure Deserialization Vulnerability in Rockwell Automation FactoryTalk Diagnostics Software
CVE-2020-6967

9.8CRITICAL

Key Information:

Vendor: Rockwellautomation
Status: Rockwell Automation All Versions Of Factorytalk Diagnostics Software, A Subsystem Of The Factorytalk Services Platform
Vendor: CVE Published:; 23 March 2020

🔔 Create Rockwellautomation Vulnerability Alert

What is CVE-2020-6967?

Rockwell Automation's FactoryTalk Diagnostics software contains a vulnerability due to the exposure of a .NET Remoting endpoint via RNADiagnosticsSrv.exe on TCP port 8082. This allows the software to insecurely deserialize untrusted data, potentially leading to various exploitation risks. It is essential for organizations utilizing this software to be aware of the associated risks and to implement necessary security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Rockwell Automation All of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform Rockwell Automation All versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform

References

https://www.us-cert.gov/ics/advisories/icsa-20-051-02

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 23, 2020
Vulnerability Reserved
Jan 14, 2020

JSON

Rockwellautomation

What is CVE-2020-6967?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.