CVE-2020-12033

Published: Jun 23, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.

Affected (1)

Products: Rockwellautomation: Factorytalk Services Platform

Rockwellautomation

1 product

Factorytalk Services Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rockwellautomation Factorytalk Services Platform	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.us-cert.gov/ics/advisories/icsa-20-170-04

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsa-20-170-04

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.