CVE-2020-12031
Severity: HIGH
FactoryTalk View SE - Authenticated Memory Corruption leading to Arbitrary Code Execution
In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for arbitrary code execution. Rockwell Automation recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.
References (2)
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05
Vendor Advisory x_refsource_misc
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944
Scores
CVSS v3: 7.5
EPSS: 0.0001
EPSS Percentile: 0.8%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
CWE: CWE-119, CWE-787
Status: published
Products (1): rockwellautomation/factorytalk_view
Published: Jul 20, 2020
Tracked Since: Feb 18, 2026