CVE-2020-12027

EPSS 25.91%
Published 20.07.2020 16:15:12
Last modified 21.11.2024 04:59:08
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Rockwellautomation ≫ Factorytalk View SwEditionse

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	25.91%	0.96

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
ics-cert@hq.dhs.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html

Third Party Advisory

VDB Entry

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944

Vendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-12027

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12027

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12027

EUVD