First published: Thu Jun 25 2020
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Factorytalk View | <=9.0 | |
Rockwellautomation Factorytalk View | =10.0 | |
Rockwell Automation FactoryTalk View SE Versions 9.0 and earlier | | |
Rockwell Automation FactoryTalk View SE Version 10.0 | | |
CVE-2020-14481 is a vulnerability in the DeskLock tool provided with FactoryTalk View SE, which uses a weak encryption algorithm and allows a local, authenticated attacker to decipher user credentials.
CVE-2020-14481 affects Rockwell Automation's FactoryTalk View SE versions 9.0 and earlier and version 10.0, exposing user credentials to local, authenticated attackers.
CVE-2020-14481 has a severity score of 7.8, indicating a high level of risk.
An attacker with local, authenticated access can exploit the weak encryption algorithm used by the DeskLock tool to decipher user credentials, including Windows user or Windows DeskLock passwords.
To fix CVE-2020-14481, it is recommended to update to a secure version of Rockwell Automation's FactoryTalk View that addresses the weak encryption algorithm vulnerability.