{"api_version":"1","generated_at":"2026-04-23T18:34:32+00:00","cve":"CVE-2020-12029","urls":{"html":"https://cve.report/CVE-2020-12029","api":"https://cve.report/api/cve/CVE-2020-12029.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-12029","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-12029"},"summary":{"title":"CVE-2020-12029","description":"All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2020-07-20 15:15:00","updated_at":"2022-01-04 16:37:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html","name":"http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html","refsource":"MISC","tags":[],"title":"Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944","name":"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944","refsource":"MISC","tags":["Vendor Advisory"],"title":"This is the Legacy Answer page, redirecting you to the new page.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Rockwell Automation FactoryTalk View SE | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-12029","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12029","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Trend Micro’s Zero Day Initiative reported these vulnerabilities to Rockwell Automation","lang":""}],"nvd_cpes":[{"cve_year":"2020","cve_id":"12029","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rockwellautomation","cpe5":"factorytalk_view","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"se","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"12029","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rockwellautomation","cpe5":"factorytalk_view","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"se","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2020-06-18T00:00:00.000Z","ID":"CVE-2020-12029","STATE":"PUBLIC","TITLE":"Rockwell Automation FactoryTalk View SE"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"FactoryTalk View SE","version":{"version_data":[{"version_affected":"=","version_value":"all versions"}]}}]},"vendor_name":"Rockwell Automation"}]}},"credit":[{"lang":"eng","value":"Trend Micro’s Zero Day Initiative reported these vulnerabilities to Rockwell Automation"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":9,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"IMPROPER INPUT VALIDATION CWE-20"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05","name":"https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05"},{"refsource":"MISC","url":"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944","name":"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html","url":"http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html"}]},"solution":[{"lang":"eng","value":"Rockwell Automation has released new versions of the affected products to mitigate the reported vulnerabilities. Affected users who are not able to apply the latest update are encouraged to seek additional mitigations or workarounds from the vendor’s published guidelines in their security advisory.\nRockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx."}],"source":{"advisory":"ICSA-20-170-05 Rockwell Automation FactoryTalk View SE","discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2020-07-20 15:15:00","lastModifiedDate":"2022-01-04 16:37:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rockwellautomation:factorytalk_view:-:*:*:*:se:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"12029","Ordinal":"173167","Title":"CVE-2020-12029","CVE":"CVE-2020-12029","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"12029","Ordinal":"1","NoteData":"All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"12029","Ordinal":"2","NoteData":"2020-07-20","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"12029","Ordinal":"3","NoteData":"2020-11-20","Type":"Other","Title":"Modified"}]}}}