var-202006-1884
Vulnerability from variot
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE. FactoryTalk View SE There is a security level vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface of Rockwell Automation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1884",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "factorytalk view",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "9.0"
},
{
"model": "factorytalk view",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "10.0"
},
{
"model": "factorytalk view",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "factorytalk view",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation factorytalk view se",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=9.0"
},
{
"model": "automation factorytalk view se",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "NVD",
"id": "CVE-2020-14481"
}
]
},
"cve": "CVE-2020-14481",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14481",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-38416",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-167364",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-14481",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-14481",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14481",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-14481",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-38416",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1745",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-167364",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "VULHUB",
"id": "VHN-167364"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
},
{
"db": "NVD",
"id": "CVE-2020-14481"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user\u2019s operating system and certain components of FactoryTalk View SE. FactoryTalk View SE There is a security level vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface of Rockwell Automation",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14481"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "VULHUB",
"id": "VHN-167364"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14481",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-20-177-03",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-38416",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1745",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2210",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-167364",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "VULHUB",
"id": "VHN-167364"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
},
{
"db": "NVD",
"id": "CVE-2020-14481"
}
]
},
"id": "VAR-202006-1884",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "VULHUB",
"id": "VHN-167364"
}
],
"trust": 1.45101215
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
}
]
},
"last_update_date": "2024-08-14T14:38:22.742000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.rockwellautomation.com/en-us.html"
},
{
"title": "Patch for Rockwell Automation FactoryTalk View SE Password Weak Coding Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/225341"
},
{
"title": "Rockwell Automation FactoryTalk View SE Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122388"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.1
},
{
"problemtype": "CWE-261",
"trust": 1.0
},
{
"problemtype": "Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167364"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "NVD",
"id": "CVE-2020-14481"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03"
},
{
"trust": 1.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-177-03"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14481"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2020-14481/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2210/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "VULHUB",
"id": "VHN-167364"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
},
{
"db": "NVD",
"id": "CVE-2020-14481"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"db": "VULHUB",
"id": "VHN-167364"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
},
{
"db": "NVD",
"id": "CVE-2020-14481"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"date": "2022-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-167364"
},
{
"date": "2023-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"date": "2020-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1745"
},
{
"date": "2022-02-24T19:15:08.853000",
"db": "NVD",
"id": "CVE-2020-14481"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38416"
},
{
"date": "2022-03-04T00:00:00",
"db": "VULHUB",
"id": "VHN-167364"
},
{
"date": "2023-06-28T07:22:00",
"db": "JVNDB",
"id": "JVNDB-2022-006074"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1745"
},
{
"date": "2022-03-04T18:28:11.570000",
"db": "NVD",
"id": "CVE-2020-14481"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FactoryTalk\u00a0View\u00a0SE\u00a0 Cryptographic strength vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006074"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1745"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.