Multiple vulnerabilities in Rockwell FactoryTalk View SE

1) Cleartext storage of sensitive information

EUVDB-ID: #VU29307

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-14480

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information on the target system.

The vulnerability exists due to usernames/passwords being stored in plaintext in Random Access Memory (RAM). A local user can gain access to sensitive information on the system, such as Windows Logon credentials.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FactoryTalk View SE: 9.0 - 10.0

CPE2.3

• cpe:2.3:a:rockwell_automation:factorytalk_view_se:*:*:*:*:*:*:*:*

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-177-03

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Inadequate Encryption Strength

EUVDB-ID: #VU29308

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-14481

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information on the target system.

The vulnerability exists due to the DeskLock tool uses a weak encryption algorithm. A local user can decipher user credentials, including the Windows user or Windows DeskLock passwords.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FactoryTalk View SE: 9.0 - 10.0

CPE2.3

• cpe:2.3:a:rockwell_automation:factorytalk_view_se:*:*:*:*:*:*:*:*

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-177-03

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?