HTTP: Rockwell Factorytalk Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Rockwell factorytalk. A successful attack can lead to sensitive information disclosure.

Extended Description

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.

Affected Products

Rockwellautomation factorytalk_view

References

CVE: CVE-2020-12027

Short Name
HTTP:CTS:ROCKWELL-FACTRYTALK-CE
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2020-12027 Code Execution Factorytalk Remote Rockwell
Release Date
06/04/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3390
False Positive
Unknown
Vendors

Rockwellautomation

CVSS Score

4.0

Found a potential security threat?