CVE-2020-12027

EPSS 23.53%
Veröffentlicht 20.07.2020 16:15:12
Zuletzt bearbeitet 21.11.2024 04:59:08
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Factorytalk View SwEditionse

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	23.53%	0.958

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
ics-cert@hq.dhs.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html

Third Party Advisory

VDB Entry

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944

Vendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-12027

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12027

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12027

EUVD