Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2020-12027
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-20 Jul, 2020 | 15:13
Updated At-17 Sep, 2024 | 04:29
Rejected At-
▼CVE Numbering Authority (CNA)
Rockwell Automation FactoryTalk View SE

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.

Affected Products
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
FactoryTalk View SE
Versions
Affected
  • all versions
Problem Types
TypeCWE IDDescription
CWECWE-200EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200
Type: CWE
CWE ID: CWE-200
Description: EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Rockwell Automation has released new versions of the affected products to mitigate the reported vulnerabilities. Affected users who are not able to apply the latest update are encouraged to seek additional mitigations or workarounds from the vendor’s published guidelines in their security advisory. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.

Configurations
Workarounds
Exploits
Credits
Trend Micro’s Zero Day Initiative reported these vulnerabilities to Rockwell Automation
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05
x_refsource_MISC
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944
x_refsource_MISC
http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html
x_refsource_MISC
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05
Resource:
x_refsource_MISC
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944
Resource:
x_refsource_MISC
Hyperlink: http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05
x_refsource_MISC
x_transferred
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944
x_refsource_MISC
x_transferred
http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html
x_refsource_MISC
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html
Resource:
x_refsource_MISC
x_transferred
Details not found