VAR-202006-1884
Vulnerability from variot - Updated: 2023-12-18 13:33The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE. FactoryTalk View SE There is a security level vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface of Rockwell Automation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1884",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "factorytalk view",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "10.0"
},
{
"model": "factorytalk view",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "9.0"
},
{
"model": "factorytalk view",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "factorytalk view",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation factorytalk view se",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=9.0"
},
{
"model": "automation factorytalk view se",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "NVD",
"id": "CVE-2020-14481"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:se:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_view:10.0:*:*:*:se:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14481"
}
]
},
"cve": "CVE-2020-14481",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-14481",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-38416",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-167364",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-14481",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-14481",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-38416",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1745",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-167364",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "VULHUB",
"id": "VHN-167364"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "NVD",
"id": "CVE-2020-14481"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user\u2019s operating system and certain components of FactoryTalk View SE. FactoryTalk View SE There is a security level vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface of Rockwell Automation",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14481"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "VULHUB",
"id": "VHN-167364"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14481",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-20-177-03",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-38416",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1745",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2210",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-167364",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "VULHUB",
"id": "VHN-167364"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "NVD",
"id": "CVE-2020-14481"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
}
]
},
"id": "VAR-202006-1884",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "VULHUB",
"id": "VHN-167364"
}
],
"trust": 1.3777777699999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
}
]
},
"last_update_date": "2023-12-18T13:33:01.487000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.rockwellautomation.com/en-us.html"
},
{
"title": "Patch for Rockwell Automation FactoryTalk View SE Password Weak Coding Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/225341"
},
{
"title": "Rockwell Automation FactoryTalk View SE Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122388"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.1
},
{
"problemtype": "Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167364"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "NVD",
"id": "CVE-2020-14481"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-177-03"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14481"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-14481/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2210/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "VULHUB",
"id": "VHN-167364"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "NVD",
"id": "CVE-2020-14481"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "VULHUB",
"id": "VHN-167364"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "NVD",
"id": "CVE-2020-14481"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"date": "2022-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-167364"
},
{
"date": "2023-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"date": "2022-02-24T19:15:08.853000",
"db": "NVD",
"id": "CVE-2020-14481"
},
{
"date": "2020-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1745"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"date": "2022-03-04T00:00:00",
"db": "VULHUB",
"id": "VHN-167364"
},
{
"date": "2023-06-28T07:22:00",
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"date": "2022-03-04T18:28:11.570000",
"db": "NVD",
"id": "CVE-2020-14481"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1745"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FactoryTalk\u00a0View\u00a0SE\u00a0 Cryptographic strength vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…