Main Vulnerability Database Vulnerabilities #VU29158

#VU29158 Buffer overflow in FactoryTalk View SE - CVE-2020-12031

Published: June 19, 2020

Vulnerability identifier: #VU29158

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-12031

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
FactoryTalk View SE

Software vendor:
Rockwell Automation

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the operating system. A local user can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Vendor recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-170-05

#VU29158 Buffer overflow in FactoryTalk View SE - CVE-2020-12031

Description

Remediation

External links

Please verify you're human