#VU29159 Permissions, Privileges, and Access Controls in FactoryTalk View SE - CVE-2020-12028

 


Published: June 19, 2020 / Updated: November 20, 2020


Vulnerability identifier: #VU29159
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2020-12028
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: FactoryTalk View SE
Software vendor: Rockwell Automation

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the application does not properly impose security restrictions within certain handlers. A remote authenticated attacker can use those handlers to interact with the data on the remote endpoint.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links