HIGH🇵🇱 Wersja polska

CVE-2020-14481

CVSS 7.8v3.1pub. 2022-02-24upd. 2025-04-17

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Rockwellautomation Factorytalk View

    APP
    Rockwellautomation
    10.0≤ 9.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-45824CRITICAL9.2PL ✓ten sam produkt

RCE w Rockwell Automation FactoryTalk View — łańcuch path traversal, command injection i XSS

CVE-2023-2071CRITICAL9.8ten sam produkt

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input,...

CVE-2020-12029CRITICAL9.0ten sam produkt

All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A ...

CVE-2025-9063HIGH7.0ten sam produkt

An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX co...

CVE-2025-9064HIGH8.7ten sam produkt

A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attac...