← Back to CVEs
CVE-2020-12031
HIGH7.5
Description
In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for arbitrary code execution. Rockwell Automation recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityHIGH
Privileges RequiredLOW
User InteractionREQUIRED
Published7/20/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
rockwellautomation:factorytalk_view
Weaknesses (CWE)
CWE-119CWE-787
References
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944(ics-cert@hq.dhs.gov)
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05(ics-cert@hq.dhs.gov)
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944(af854a3a-2127-422b-91ae-364da2661108)
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.