{"api_version":"1","generated_at":"2026-04-23T18:34:43+00:00","cve":"CVE-2020-12033","urls":{"html":"https://cve.report/CVE-2020-12033","api":"https://cve.report/api/cve/CVE-2020-12033.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-12033","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-12033"},"summary":{"title":"CVE-2020-12033","description":"In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2020-06-23 22:15:00","updated_at":"2020-07-06 14:57:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://www.us-cert.gov/ics/advisories/icsa-20-170-04","name":"https://www.us-cert.gov/ics/advisories/icsa-20-170-04","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Rockwell Automation FactoryTalk Services Platform | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-12033","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12033","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"12033","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rockwellautomation","cpe5":"factorytalk_services_platform","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"12033","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rockwellautomation","cpe5":"factorytalk_services_platform","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-12033","ASSIGNER":"ics-cert@hq.dhs.gov","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Rockwell Automation FactoryTalk Services Platform","version":{"version_data":[{"version_value":"All Versions"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"IMPROPER INPUT VALIDATION CWE-20"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.us-cert.gov/ics/advisories/icsa-20-170-04","url":"https://www.us-cert.gov/ics/advisories/icsa-20-170-04"}]},"description":{"description_data":[{"lang":"eng","value":"In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges."}]}},"nvd":{"publishedDate":"2020-06-23 22:15:00","lastModifiedDate":"2020-07-06 14:57:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:P/A:P","accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":5.8},"severity":"MEDIUM","exploitabilityScore":6.5,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"12033","Ordinal":"173171","Title":"CVE-2020-12033","CVE":"CVE-2020-12033","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"12033","Ordinal":"1","NoteData":"In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"12033","Ordinal":"2","NoteData":"2020-06-23","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"12033","Ordinal":"3","NoteData":"2020-06-23","Type":"Other","Title":"Modified"}]}}}