Buffer overflow in FactoryTalk View SE - CVE-2020-12031

 

Buffer overflow in FactoryTalk View SE - CVE-2020-12031

Published: June 19, 2020


Vulnerability identifier: #VU29158
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-12031
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Rockwell Automation
Affected software:
FactoryTalk View SE

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the operating system. A local user can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


How to mitigate CVE-2020-12031

Vendor recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.

Sources