Details of VAR-202006-1884

ID

VAR-202006-1884

CVE

CVE-2020-14481

TITLE

FactoryTalk View SE Cryptographic strength vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2022-006074

DESCRIPTION

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE. FactoryTalk View SE There is a security level vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface of Rockwell Automation

Trust: 2.25

sources: NVD: CVE-2020-14481 // JVNDB: JVNDB-2022-006074 // CNVD: CNVD-2020-38416 // VULHUB: VHN-167364

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-38416

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	factorytalk view	scope:	lte	version:	9.0	Trust: 1.0
vendor:	rockwellautomation	model:	factorytalk view	scope:	eq	version:	10.0	Trust: 1.0
vendor:	rockwell automation	model:	factorytalk view	scope:	eq	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	factorytalk view	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell	model:	automation factorytalk view se	scope:	lte	version:	<=9.0	Trust: 0.6
vendor:	rockwell	model:	automation factorytalk view se	scope:	eq	version:	1.0	Trust: 0.6

sources: CNVD: CNVD-2020-38416 // JVNDB: JVNDB-2022-006074 // NVD: CVE-2020-14481

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14481
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-14481
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-38416
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202006-1745
value:	HIGH
Trust: 0.6
VULHUB:	VHN-167364
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-14481
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-38416
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-167364
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-14481
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-14481
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-38416 // VULHUB: VHN-167364 // JVNDB: JVNDB-2022-006074 // CNNVD: CNNVD-202006-1745 // NVD: CVE-2020-14481

PROBLEMTYPE DATA

problemtype:	CWE-326	Trust: 1.1
problemtype:	CWE-261	Trust: 1.0
problemtype:	Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-167364 // JVNDB: JVNDB-2022-006074 // NVD: CVE-2020-14481

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1745

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1745

PATCH

title:	Top Page	url:	https://www.rockwellautomation.com/en-us.html	Trust: 0.8
title:	Patch for Rockwell Automation FactoryTalk View SE Password Weak Coding Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/225341	Trust: 0.6
title:	Rockwell Automation FactoryTalk View SE Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122388	Trust: 0.6

sources: CNVD: CNVD-2020-38416 // JVNDB: JVNDB-2022-006074 // CNNVD: CNNVD-202006-1745

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14481	Trust: 3.9
db:	ICS CERT	id:	ICSA-20-177-03	Trust: 3.1
db:	JVNDB	id:	JVNDB-2022-006074	Trust: 0.8
db:	CNVD	id:	CNVD-2020-38416	Trust: 0.7
db:	CNNVD	id:	CNNVD-202006-1745	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2210	Trust: 0.6
db:	VULHUB	id:	VHN-167364	Trust: 0.1

sources: CNVD: CNVD-2020-38416 // VULHUB: VHN-167364 // JVNDB: JVNDB-2022-006074 // CNNVD: CNNVD-202006-1745 // NVD: CVE-2020-14481

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03	Trust: 2.5
url:	https://www.us-cert.gov/ics/advisories/icsa-20-177-03	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14481	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2020-14481/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2210/	Trust: 0.6

sources: CNVD: CNVD-2020-38416 // VULHUB: VHN-167364 // JVNDB: JVNDB-2022-006074 // CNNVD: CNNVD-202006-1745 // NVD: CVE-2020-14481

SOURCES

db:	CNVD	id:	CNVD-2020-38416
db:	VULHUB	id:	VHN-167364
db:	JVNDB	id:	JVNDB-2022-006074
db:	CNNVD	id:	CNNVD-202006-1745
db:	NVD	id:	CVE-2020-14481

LAST UPDATE DATE

2024-08-14T14:38:22.742000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-38416	date:	2020-07-13T00:00:00
db:	VULHUB	id:	VHN-167364	date:	2022-03-04T00:00:00
db:	JVNDB	id:	JVNDB-2022-006074	date:	2023-06-28T07:22:00
db:	CNNVD	id:	CNNVD-202006-1745	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2020-14481	date:	2022-03-04T18:28:11.570

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-38416	date:	2020-07-13T00:00:00
db:	VULHUB	id:	VHN-167364	date:	2022-02-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-006074	date:	2023-06-28T00:00:00
db:	CNNVD	id:	CNNVD-202006-1745	date:	2020-06-25T00:00:00
db:	NVD	id:	CVE-2020-14481	date:	2022-02-24T19:15:08.853