CVE-2020-12027
Summary
| CVE | CVE-2020-12027 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-20 16:15:00 UTC |
| Updated | 2021-09-23 13:38:00 UTC |
| Description | All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rockwellautomation | Factorytalk View | All | All | All | All |
| Application | Rockwellautomation | Factorytalk View | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution ≈ Packet Storm | MISC | packetstormsecurity.com | |
| This is the Legacy Answer page, redirecting you to the new page. | MISC | rockwellautomation.custhelp.com | Vendor Advisory |
| Rockwell Automation FactoryTalk View SE | CISA | MISC | us-cert.cisa.gov | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Trend Micro’s Zero Day Initiative reported these vulnerabilities to Rockwell Automation
There are currently no legacy QID mappings associated with this CVE.