Vulnerability Details : CVE-2020-12028
Public exploit exists!
In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.
Products affected by CVE-2020-12028
- cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:se:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-12028
4.87%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2020-12028
-
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
Disclosure Date: 2020-06-22First seen: 2020-11-20exploit/windows/scada/rockwell_factorytalk_rceThis module exploits a series of vulnerabilities to achieve unauthenticated remote code execution on the Rockwell FactoryTalk View SE SCADA product as the IIS user. The attack relies on the chaining of five separate vulnerabilities. The first vulnerability is an unauth
CVSS scores for CVE-2020-12028
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |
8.0
|
4.9
|
NIST | |
7.3
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N |
2.1
|
5.2
|
ICS-CERT | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
2.8
|
5.2
|
NIST |
CWE ids for CVE-2020-12028
-
Assigned by: ics-cert@hq.dhs.gov (Secondary)
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-12028
-
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944
Vendor Advisory
-
http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05
Rockwell Automation FactoryTalk View SE | CISAThird Party Advisory;US Government Resource
Jump to