#VU29160 Information disclosure in FactoryTalk View SE - CVE-2020-12027
Published: June 19, 2020 / Updated: November 20, 2020
Vulnerability identifier: #VU29160
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2020-12027
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
FactoryTalk View SE
FactoryTalk View SE
Software vendor:
Rockwell Automation
Rockwell Automation
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote authenticated attacker can gain unauthorized access to sensitive information on the system, such as the hostnames and file paths for certain files within the system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.