CVE-2020-14516
published 2021-03-18CVE-2020-14516: In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm…
PriorityP262critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
4.09%
89.5th percentile
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | factorytalk_services_platform | — | — |
| rockwellautomation | factorytalk_services_platform | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability allows remote unauthenticated attacker to create new users in the FactoryTalk Services Platform administration console — monitor for unexpected user creation events in the FactoryTalk Services Platform admin console ↗
- →Affected versions are FactoryTalk Services Platform 6.10.00 and 6.11.00 — alert on presence of these specific versions in the environment ↗
- →Root cause is improper SHA-256 password hashing — forensically, password hashes stored for FactoryTalk Services Platform 6.10.00/6.11.00 users may not be properly hashed and could indicate compromise or bypass ↗
- ·No known public exploits specifically target this vulnerability at time of advisory publication ↗
- ·Patched version download requires a Rockwell Automation login — patch availability cannot be independently verified without vendor portal access ↗
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-96wm-8v29-wg5g: In Rockwell Automation FactoryTalk Services Platform Versions 6
ghsa_unreviewed·2022-05-24
CVE-2020-14516 [CRITICAL] CWE-916 GHSA-96wm-8v29-wg5g: In Rockwell Automation FactoryTalk Services Platform Versions 6
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.
CISA ICS
Rockwell Automation FactoryTalk Services Platform
cisa_ics·2021-02-23·CVSS 10.0
[CRITICAL] Rockwell Automation FactoryTalk Services Platform
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Rockwell Automation FactoryTalk Services Platform
Last RevisedFebruary 23, 2021
Alert CodeICSA-21-054-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Rockwell Automation
- Equipment: FactoryTalk Services
- Vulnerability: Use of Password Hash with Insufficient Computational Effort
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote, unauthenticated attacker to create new users in the FactoryTalk Services Platform administration console. These new users could allow an attack
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-03-18
Published