CVE-2020-12028 · CVEKit

cve.orgen

435 chars

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.

NVDen

435 chars

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.

NVDes

506 chars

En todas las versiones de FactoryTalk View SEA un atacante autenticado remoto puede ser capaz de usar determinados manejadores para interactuar con los datos en el endpoint remoto, ya que esos controladores no aplican los permisos apropiados. Rockwell Automation recomienda habilitar las funciones de seguridad integradas que se encuentran en FactoryTalk View SE. Los usuarios deben seguir la guía que se encuentra en los artículos 109056 y 1126943 de la base de conocimiento para configurar IPSec y/o HTTP

CVSS metrics across sources

5

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.5	8.0	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N
3.1	Primary	NVD	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N