CVE-2020-12031
Summary
| CVE | CVE-2020-12031 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-20 16:15:00 UTC |
| Updated | 2021-09-23 13:34:00 UTC |
| Description | In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for arbitrary code execution. Rockwell Automation recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rockwellautomation | Factorytalk View | All | All | All | All |
| Application | Rockwellautomation | Factorytalk View | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| This is the Legacy Answer page, redirecting you to the new page. | MISC | rockwellautomation.custhelp.com | Vendor Advisory |
| Rockwell Automation FactoryTalk View SE | CISA | MISC | us-cert.cisa.gov | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Trend Micro’s Zero Day Initiative reported these vulnerabilities to Rockwell Automation
There are currently no legacy QID mappings associated with this CVE.