cnvd - cnvd-2020-38689

CNVD-2020-38689

Vulnerability from cnvd - Published: 2020-07-14

Title

Rockwell Automation FactoryTalk View SE权限许可和访问控制问题漏洞

Description

Rockwell Automation FactoryTalk View SE是美国罗克韦尔（Rockwell Automation）公司的一款工业自动化系统视图界面。 Rockwell Automation FactoryTalk View SE中存在权限许可证和访问控制问题漏洞。远程攻击者可利用该漏洞在远程端点上进行数据交互。

Severity

高

Patch Name

Rockwell Automation FactoryTalk View SE权限许可和访问控制问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.rockwellautomation.com.cn/

Reference

https://www.us-cert.gov/ics/advisories/icsa-20-170-05 ttps://www.zerodayinitiative.com/advisories/ZDI-20-729/

Impacted products

Name
Rockwell Automation FactoryTalk View SE

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-12028"
    }
  },
  "description": "Rockwell Automation FactoryTalk View SE\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u81ea\u52a8\u5316\u7cfb\u7edf\u89c6\u56fe\u754c\u9762\u3002\n\nRockwell Automation FactoryTalk View SE\u4e2d\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u8fdc\u7a0b\u7aef\u70b9\u4e0a\u8fdb\u884c\u6570\u636e\u4ea4\u4e92\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.rockwellautomation.com.cn/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-38689",
  "openTime": "2020-07-14",
  "patchDescription": "Rockwell Automation FactoryTalk View SE\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u81ea\u52a8\u5316\u7cfb\u7edf\u89c6\u56fe\u754c\u9762\u3002\r\n\r\nRockwell Automation FactoryTalk View SE\u4e2d\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u8fdc\u7a0b\u7aef\u70b9\u4e0a\u8fdb\u884c\u6570\u636e\u4ea4\u4e92\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rockwell Automation FactoryTalk View SE\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Rockwell Automation FactoryTalk View SE"
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-170-05\r\nttps://www.zerodayinitiative.com/advisories/ZDI-20-729/",
  "serverity": "\u9ad8",
  "submitTime": "2020-06-19",
  "title": "Rockwell Automation FactoryTalk View SE\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2020-12028 (GCVE-0-2020-12028)

Vulnerability from cvelistv5 – Published: 2020-07-20 15:17 – Updated: 2024-09-16 23:26

Summary

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.

Severity ?

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-264 - PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264

Assigner

icscert

References

URL

Tags

	https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05	x_refsource_MISC
	https://rockwellautomation.custhelp.com/app/answe…	x_refsource_MISC
	http://packetstormsecurity.com/files/160156/Rockw…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Rockwell Automation	FactoryTalk View SE	Affected: all versions

Credits

Trend Micro’s Zero Day Initiative reported these vulnerabilities to Rockwell Automation

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FactoryTalk View SE",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Trend Micro\u2019s Zero Day Initiative reported these vulnerabilities to Rockwell Automation"
        }
      ],
      "datePublic": "2020-06-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-20T17:06:18",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Rockwell Automation has released new versions of the affected products to mitigate the reported vulnerabilities. Affected users who are not able to apply the latest update are encouraged to seek additional mitigations or workarounds from the vendor\u2019s published guidelines in their security advisory.\nRockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs."
        }
      ],
      "source": {
        "advisory": "ICSA-20-170-05 Rockwell Automation FactoryTalk View SE",
        "discovery": "EXTERNAL"
      },
      "title": "Rockwell Automation FactoryTalk View SE",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2020-06-18T00:00:00.000Z",
          "ID": "CVE-2020-12028",
          "STATE": "PUBLIC",
          "TITLE": "Rockwell Automation FactoryTalk View SE"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FactoryTalk View SE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "all versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rockwell Automation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Trend Micro\u2019s Zero Day Initiative reported these vulnerabilities to Rockwell Automation"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05"
            },
            {
              "name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944",
              "refsource": "MISC",
              "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944"
            },
            {
              "name": "http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Rockwell Automation has released new versions of the affected products to mitigate the reported vulnerabilities. Affected users who are not able to apply the latest update are encouraged to seek additional mitigations or workarounds from the vendor\u2019s published guidelines in their security advisory.\nRockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs."
          }
        ],
        "source": {
          "advisory": "ICSA-20-170-05 Rockwell Automation FactoryTalk View SE",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-12028",
    "datePublished": "2020-07-20T15:17:11.738641Z",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-09-16T23:26:08.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-38689

CVE-2020-12028 (GCVE-0-2020-12028)

Tags

Sightings

Nomenclature