CVE-2020-14481: Weak Encryption
First published: Thu Jun 25 2020(Updated: )
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Factorytalk View | <=9.0 | |
| Rockwellautomation Factorytalk View | =10.0 | |
| Rockwell Automation FactoryTalk View SE Versions 9.0 and earlier | ||
| Rockwell Automation FactoryTalk View SE Version 10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14481?
CVE-2020-14481 is a vulnerability in the DeskLock tool provided with FactoryTalk View SE, which uses a weak encryption algorithm and allows a local, authenticated attacker to decipher user credentials.
How does CVE-2020-14481 affect Rockwell Automation's FactoryTalk View?
CVE-2020-14481 affects Rockwell Automation's FactoryTalk View versions 9.0 and 10.0, exposing user credentials to local, authenticated attackers.
What is the severity of CVE-2020-14481?
CVE-2020-14481 has a severity score of 7.8, indicating a high level of risk.
How can an attacker exploit this vulnerability?
An attacker with local, authenticated access can use a weak encryption algorithm in the DeskLock tool to decipher user credentials, including Windows user or Windows DeskLock passwords.
Is there a fix for CVE-2020-14481?
To fix CVE-2020-14481, it is recommended to update to a secure version of Rockwell Automation's FactoryTalk View that addresses the weak encryption algorithm vulnerability.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/last-modified-date
- agent/references
- agent/severity
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/rockwellautomation
- canonical/rockwellautomation factorytalk view
- version/rockwellautomation factorytalk view/9.0
- version/rockwellautomation factorytalk view/10.0
- vendor/rockwell automation
- canonical/rockwell automation factorytalk view se versions 9.0 and earlier
- canonical/rockwell automation factorytalk view se version 10.0