First published: Thu Feb 24 2022
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwell Automation FactoryTalk Services Platform | <=6.11.00 | |
Rockwell Automation Versions 6.11.00 and earlier | | |
The vulnerability ID for this issue is CVE-2020-14478.
The severity of CVE-2020-14478 is high with a score of 7.1.
This vulnerability occurs due to a weakly configured XML file that can be exploited using an XML External Entity (XXE) attack.
If an attacker successfully exploits this vulnerability, they could cause a denial-of-service condition and gain access to local or remote content.
It is recommended to update to Rockwell Automation FactoryTalk Services Platform version 6.11.01 or later to fix this vulnerability.