Main Vulnerability Database Exploits ID:4861 - Exploit for Input validation error in FactoryTalk View SE - CVE-2020-12029

ID:4861 - Exploit for Input validation error in FactoryTalk View SE - CVE-2020-12029

Published: November 20, 2020

Vulnerability identifier: #VU29157

Vulnerability risk: High

CVE-ID: CVE-2020-12029

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
FactoryTalk View SE

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/windows/scada/rockwell_factorytalk_rce

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in filenames within a project directory. A remote attacker can use a specially crafted file and execute arbitrary code on the target system.

Remediation

Vendor recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.

ID:4861 - Exploit for Input validation error in FactoryTalk View SE - CVE-2020-12029

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human