CVE-2020-12029

CRITICAL

Rockwell Automation FactoryTalk View SE - Unauthenticated Remote Code Execution via Crafted Filename

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-12029. Includes Metasploit module exploits/windows/scada/rockwell_factorytalk_rce.

AI-analyzed exploit summary This Metasploit module exploits a chain of five vulnerabilities in Rockwell FactoryTalk View SE SCADA to achieve unauthenticated remote code execution. It leverages unauthenticated project copy requests, directory traversal, race conditions, and information leaks to execute arbitrary code as the IIS user.

Description

All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/rockwell_factorytalk_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits a chain of five vulnerabilities in Rockwell FactoryTalk View SE SCADA to achieve unauthenticated remote code execution. It leverages unauthenticated project copy requests, directory traversal, race conditions, and information leaks to execute arbitrary code as the IIS user.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Rockwell FactoryTalk View SE SCADA (version 11.00.00.230)

No auth needed

Prerequisites: Network access to the target system · Target system running vulnerable version of Rockwell FactoryTalk View SE SCADA

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05

Vendor Advisory x_refsource_misc

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html

Scores

CVSS v3 9.0

EPSS 0.4498

EPSS Percentile 98.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Details

CWE

CWE-20

Status published

Products (1)

rockwellautomation/factorytalk_view

Published Jul 20, 2020

Tracked Since Feb 18, 2026