CVE-2020-12028
Summary
| CVE | CVE-2020-12028 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-20 16:15:00 UTC |
| Updated | 2022-04-25 17:39:00 UTC |
| Description | In all versions of FactoryTalk View SE, a remote, authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built-in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPS. |
Risk And Classification
Problem Types: CWE-306
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rockwellautomation | Factorytalk View | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution ≈ Packet Storm | MISC | packetstormsecurity.com | |
| This is the Legacy Answer page, redirecting you to the new page. | MISC | rockwellautomation.custhelp.com | Vendor Advisory |
| Rockwell Automation FactoryTalk View SE \| CISA | MISC | us-cert.cisa.gov | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Trend Micro’s Zero Day Initiative reported these vulnerabilities to Rockwell Automation
There are currently no legacy QID mappings associated with this CVE.