CVE-2020-12033

HIGH

Rockwell FactoryTalk Services Platform - Unauthenticated Remote COM Execution

Title source: llm

Description

In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.

References (1)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-20-170-04

Scores

CVSS v3 8.8
EPSS 0.0162
EPSS Percentile 82.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-20
Status published
Products (1)
rockwellautomation/factorytalk_services_platform
Published Jun 23, 2020
Tracked Since Feb 18, 2026