ID

VAR-202007-0196


CVE

CVE-2020-12031


TITLE

Buffer error vulnerability in FactoryTalk View SE

Trust: 0.8

sources: JVNDB: JVNDB-2020-008254

DESCRIPTION

In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space, allowing for arbitrary code execution. Rockwell Automation recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.

FactoryTalk View SE contains a buffer error vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation FactoryTalk View SE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process.

Trust: 2.88

sources: NVD: CVE-2020-12031 // JVNDB: JVNDB-2020-008254 // ZDI: ZDI-20-731 // CNVD: CNVD-2020-38690 // VULHUB: VHN-164669

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-38690

AFFECTED PRODUCTS

vendor: rockwellautomation, model: factorytalk view, scope: eq, version: *

Trust: 1.0

vendor: rockwell automation, model: factorytalk view, scope: eq, version: se

Trust: 0.8

vendor: rockwell automation, model: factorytalk view se, scope: -, version: -

Trust: 0.7

vendor: rockwell, model: automation factorytalk view se, scope: -, version: -

Trust: 0.6

sources: ZDI: ZDI-20-731 // CNVD: CNVD-2020-38690 // JVNDB: JVNDB-2020-008254 // NVD: CVE-2020-12031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12031
value: HIGH

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2020-12031
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008254
value: HIGH

Trust: 0.8

ZDI: CVE-2020-12031
value: HIGH

Trust: 0.7

CNVD: CNVD-2020-38690
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-1220
value: HIGH

Trust: 0.6

VULHUB: VHN-164669
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12031
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008254
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-38690
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-164669
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12031
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2020-12031
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008254
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-12031
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-731 // CNVD: CNVD-2020-38690 // VULHUB: VHN-164669 // JVNDB: JVNDB-2020-008254 // CNNVD: CNNVD-202006-1220 // NVD: CVE-2020-12031 // NVD: CVE-2020-12031

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-164669 // JVNDB: JVNDB-2020-008254 // NVD: CVE-2020-12031

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1220

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1220

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008254

PATCH

title: Top Page, url: https://www.rockwellautomation.com/en-us.html

Trust: 0.8

title: Rockwell Automation has issued an update to correct this vulnerability., url: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944

Trust: 0.7

title: Patch for Rockwell Automation FactoryTalk View SE buffer overflow vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/225397

Trust: 0.6

title: Rockwell Automation FactoryTalk View SE Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121981

Trust: 0.6

sources: ZDI: ZDI-20-731 // CNVD: CNVD-2020-38690 // JVNDB: JVNDB-2020-008254 // CNNVD: CNNVD-202006-1220

EXTERNAL IDS

db: NVD, id: CVE-2020-12031

Trust: 3.8

db: ICS CERT, id: ICSA-20-170-05

Trust: 3.1

db: ZDI, id: ZDI-20-731

Trust: 1.3

db: JVN, id: JVNVU97172119

Trust: 0.8

db: JVNDB, id: JVNDB-2020-008254

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-10270

Trust: 0.7

db: CNVD, id: CNVD-2020-38690

Trust: 0.7

db: CNNVD, id: CNNVD-202006-1220

Trust: 0.7

db: NSFOCUS, id: 47328

Trust: 0.6

db: VULHUB, id: VHN-164669

Trust: 0.1

sources: ZDI: ZDI-20-731 // CNVD: CNVD-2020-38690 // VULHUB: VHN-164669 // JVNDB: JVNDB-2020-008254 // CNNVD: CNNVD-202006-1220 // NVD: CVE-2020-12031

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05

Trust: 2.5

url:https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-12031

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsa-20-170-05

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12031

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97172119/index.html

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-731/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47328

Trust: 0.6

sources: ZDI: ZDI-20-731 // CNVD: CNVD-2020-38690 // VULHUB: VHN-164669 // JVNDB: JVNDB-2020-008254 // CNNVD: CNNVD-202006-1220 // NVD: CVE-2020-12031

CREDITS

Tobias Scharnowski (@ScepticCtf), Niklas Breitfeld (@brymko), Ali Abbasi (@bl4ckic3), researchers at the Chair for Systems Security (SysSec) at Ruhr-University Bochum

Trust: 0.7

sources: ZDI: ZDI-20-731

SOURCES

db: ZDI, id: ZDI-20-731
db: CNVD, id: CNVD-2020-38690
db: VULHUB, id: VHN-164669
db: JVNDB, id: JVNDB-2020-008254
db: CNNVD, id: CNNVD-202006-1220
db: NVD, id: CVE-2020-12031

LAST UPDATE DATE

2024-11-23T21:59:09.726000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-731, date: 2021-06-29T00:00:00
db: CNVD, id: CNVD-2020-38690, date: 2020-07-14T00:00:00
db: VULHUB, id: VHN-164669, date: 2021-09-23T00:00:00
db: JVNDB, id: JVNDB-2020-008254, date: 2020-09-07T00:00:00
db: CNNVD, id: CNNVD-202006-1220, date: 2021-09-24T00:00:00
db: NVD, id: CVE-2020-12031, date: 2024-11-21T04:59:08.943

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-731, date: 2020-06-22T00:00:00
db: CNVD, id: CNVD-2020-38690, date: 2020-07-14T00:00:00
db: VULHUB, id: VHN-164669, date: 2020-07-20T00:00:00
db: JVNDB, id: JVNDB-2020-008254, date: 2020-09-07T00:00:00
db: CNNVD, id: CNNVD-202006-1220, date: 2020-06-18T00:00:00
db: NVD, id: CVE-2020-12031, date: 2020-07-20T16:15:12.257