CVE-2020-12028

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.

CVSS v3 8.1 HIGH
CVSS v2.0 5.5 MEDIUM

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944	Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:se:*:*:*

History

25 Apr 2022, 17:39

Type	Values Removed	Values Added
CWE	~~CWE-264~~	CWE-306

01 Jan 2022, 18:46

Type	Values Removed	Values Added
CWE	~~CWE-281~~
References	~~(MISC) http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html -~~	(MISC) http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2020-07-20 16:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-12028

Mitre link : CVE-2020-12028

CVE.ORG link : CVE-2020-12028

JSON object : View

Products Affected

rockwellautomation

factorytalk_view

CWE

CWE-306

Missing Authentication for Critical Function

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2020-12028", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.1}]}, "published": "2020-07-20T16:15:12.163", "references": [{"url": "http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs."}, {"lang": "es", "value": "En todas las versiones de FactoryTalk View SEA un atacante autenticado remoto puede ser capaz de usar determinados manejadores para interactuar con los datos en el endpoint remoto, ya que esos controladores no aplican los permisos apropiados. Rockwell Automation recomienda habilitar las funciones de seguridad integradas que se encuentran en FactoryTalk View SE. Los usuarios deben seguir la gu\u00eda que se encuentra en los art\u00edculos 109056 y 1126943 de la base de conocimiento para configurar IPSec y/o HTTP"}], "lastModified": "2022-04-25T17:39:28.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:se:*:*:*", "vulnerable": true, "matchCriteriaId": "4DDF668E-9D30-4588-8897-474014D746A5"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}