{"api_version":"1","generated_at":"2026-04-23T18:35:22+00:00","cve":"CVE-2020-14481","urls":{"html":"https://cve.report/CVE-2020-14481","api":"https://cve.report/api/cve/CVE-2020-14481.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-14481","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-14481"},"summary":{"title":"CVE-2020-14481","description":"The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2022-02-24 19:15:00","updated_at":"2022-03-04 18:28:00"},"problem_types":["CWE-326"],"metrics":[],"references":[{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03","name":"https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03","refsource":"MISC","tags":[],"title":"Rockwell Automation FactoryTalk View SE | CISA","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-14481","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14481","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"14481","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rockwellautomation","cpe5":"factorytalk_view","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"se","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14481","vulnerable":"1","versionEndIncluding":"9.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rockwellautomation","cpe5":"factorytalk_view","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"se","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2020-06-25T16:00:00.000Z","ID":"CVE-2020-14481","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"FactoryTalk View SE","version":{"version_data":[{"version_affected":"<=","version_value":"9.0"},{"version_affected":"=","version_value":"10.0"}]}}]},"vendor_name":"Rockwell Automation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE."}]},"generator":{"engine":"Vulnogram 0.0.9"},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-261 Weak Cryptography for Passwords"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03","name":"https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03"}]},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-02-24 19:15:00","lastModifiedDate":"2022-03-04 18:28:00","problem_types":["CWE-326"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rockwellautomation:factorytalk_view:10.0:*:*:*:se:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:se:*:*:*","versionEndIncluding":"9.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"14481","Ordinal":"175858","Title":"CVE-2020-14481","CVE":"CVE-2020-14481","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"14481","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}