CVE-2020-12028 HIGH

CVE-2020-12028: Rockwell Automation FactoryTalk View SE

Vendor Rockwell Automation

Product FactoryTalk View SE

Weakness CWE-264

Published July 20, 2020

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.

Key dates

02Disclosure timeline

July 20, 2020 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-12028

Related vulnerabilities

CVE-2020-12028: Rockwell Automation FactoryTalk View SE

01Description

02Disclosure timeline

03References

04Related CVE