CVE-2020-14481
Published 2022-02-24
CVE-2020-14481: The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user…
Priority: P3 40, high, 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.16% (5.6th percentile)
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_view_se | — | — |
| rockwell_automation | factorytalk_view_se | unspecified – 9.0 | — |
| rockwellautomation | factorytalk_view | <= 9.0 | — |
| rockwellautomation | factorytalk_view | — | — |
CVSS provenance
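| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |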
GHSA
GHSA-9h67-gqh5-w6f6: The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user c
ghsa_unreviewed · 2022-02-25
CVE-2020-14481 [HIGH] CWE-261 GHSA-9h67-gqh5-w6f6: The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user c
CISA ICS
Rockwell Automation FactoryTalk View SE
cisa_ics · 2022-02-23 · CVSS 5.5
[MEDIUM] Rockwell Automation FactoryTalk View SE
ICS Advisory
## Rockwell Automation FactoryTalk View SE
Last Revised: February 23, 2022
Alert Code: ICSA-20-177-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Low skill level to exploit
- Vendor: Rockwell Automation
- Equipment: FactoryTalk View SE
- Vulnerabilities: Cleartext Storage of Sensitive Information, Weak Encoding for Password
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to unauthorized access to server data.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of FactoryTalk View SE are affected:
- FactoryTalk View
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.