CVE-2020-12027
published 2020-07-20

Priority: P3 · 44 · medium
CVSS 3.1: 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
EXPLOIT
EPSS: 53.02% (98.8th percentile)

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built-in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPS.

Affected

1 range

Vendor | Product | Version range | Fixed in
rockwell_automation | factorytalk_view_se | |

Detection & IOCs (extracted from sources)

  • CVE-2020-12027 is an information disclosure vulnerability in all versions of Rockwell Automation FactoryTalk View SE that exposes hostnames and file paths to remote authenticated attackers; monitor for authenticated HTTP/HTTPS requests to FactoryTalk View SE endpoints that return hostname or file path data to low-privileged users.
  • CVE-2020-12027 is chained with four other vulnerabilities (CVE-2020-12029, CVE-2020-12028, CVE-2020-12031, and a race condition) in a full unauthenticated RCE exploit chain against FactoryTalk View SE; detection of any one of these CVEs should trigger investigation of the full chain.
  • The full exploit chain (including CVE-2020-12027 info leak) was weaponized in a public Metasploit module targeting FactoryTalk View SE as the IIS user; hunt for IIS process anomalies on FactoryTalk View SE hosts.
  • All versions of FactoryTalk View SE are affected by CVE-2020-12027; there is no version-based scoping for detection — any deployment is in scope.
  • At time of CISA advisory publication, no known public exploits specifically targeted CVE-2020-12027 in isolation, but it was used as a component of a chained exploit demonstrated at Pwn2Own Miami 2020.
  • CVSS v3 score for CVE-2020-12027 is 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), indicating network-reachable, low-privilege, no-interaction required — but impact is limited to confidentiality (information disclosure only).

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N