CVE-2020-12033

In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.
References
Link Resource
https://www.us-cert.gov/ics/advisories/icsa-20-170-04 Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-170-04 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:59

Type Values Removed Values Added
References () https://www.us-cert.gov/ics/advisories/icsa-20-170-04 - Third Party Advisory, US Government Resource () https://www.us-cert.gov/ics/advisories/icsa-20-170-04 - Third Party Advisory, US Government Resource

Information

Published : 2020-06-23 22:15

Updated : 2024-11-21 04:59


NVD link : CVE-2020-12033

Mitre link : CVE-2020-12033

CVE.ORG link : CVE-2020-12033


JSON object : View

Products Affected

rockwellautomation

  • factorytalk_services_platform
CWE
CWE-20

Improper Input Validation