CRITICAL🇬🇧 English

CVE-2020-12029

CVSS 9.0v3.1pub. 2020-07-20upd. 2024-11-21

All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
  • Rockwellautomation Factorytalk View

    APP
    Rockwellautomation
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEAuth Bypass
CWE
Referencje

Powiązane podatności

CVE-2024-45824CRITICAL9.2PL ✓ten sam produkt

RCE w Rockwell Automation FactoryTalk View — łańcuch path traversal, command injection i XSS

CVE-2023-2071CRITICAL9.8ten sam produkt

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input,...

CVE-2025-9064HIGH8.7ten sam produkt

A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attac...

CVE-2025-9063HIGH7.0ten sam produkt

An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX co...

CVE-2024-37365HIGH7.0ten sam produkt

A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save p...