Unrated severityNVD Advisory· Published Jul 20, 2020· Updated Sep 16, 2024
Rockwell Automation FactoryTalk View SE
CVE-2020-12029
Description
All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2all+ 1 more
- (no CPE)range: all
- (no CPE)range: all versions
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.htmlmitrex_refsource_MISC
- rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944mitrex_refsource_MISC
- us-cert.cisa.gov/ics/advisories/icsa-20-170-05mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.