CVE-2020-12033: Input Validation
First published: Tue Jun 23 2020(Updated: )
In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Factorytalk Services Platform |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability in Rockwell Automation FactoryTalk Services Platform?
The vulnerability ID for this vulnerability in Rockwell Automation FactoryTalk Services Platform is CVE-2020-12033.
What is the severity level of CVE-2020-12033?
The severity level of CVE-2020-12033 is high with a severity value of 8.8.
How does CVE-2020-12033 impact Rockwell Automation FactoryTalk Services Platform?
CVE-2020-12033 allows an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges in Rockwell Automation FactoryTalk Services Platform.
What is the affected software for CVE-2020-12033?
The affected software for CVE-2020-12033 is Rockwell Automation FactoryTalk Services Platform.
Is there any fix available for CVE-2020-12033?
It is recommended to apply the latest security patches or updates provided by Rockwell Automation to mitigate the vulnerability CVE-2020-12033.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/rockwellautomation
- canonical/rockwellautomation factorytalk services platform