What is CVE-2020-12028?

CVE-2020-12028 is a high-severity vulnerability in Rockwell Automation Factorytalk View Se, classified under CWE-264. CVSS score: 7.3/10. Published 2020-07-20.

How severe is CVE-2020-12028?

High severity. CVSS v3 base score is 7.3 out of 10.

Is CVE-2020-12028 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Rockwell Automation Factorytalk View Se

CVE-2020-12028

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automa…

EPSS: 0.510 (98.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N.

Affected products

Rockwell Automation Factorytalk View Se — versions all versions

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

us-cert.cisa.gov/ics/advisories/icsa-20-170-05 (x_refsource_MISC)
rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944 (x_refsource_MISC)
packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthe… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-12028?: CVE-2020-12028 is a high-severity vulnerability in Rockwell Automation Factorytalk View Se, classified under CWE-264. CVSS score: 7.3/10. Published 2020-07-20.
How severe is CVE-2020-12028?: High severity. CVSS v3 base score is 7.3 out of 10.
Is CVE-2020-12028 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.