PT-2020-12997 · Rockwell Automation · FactoryTalk View SE
Published: 2020-01-30 · Updated: 2022-01-04 · CVE-2020-12029
CVSS v3.1: 9.0 (Critical)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
FactoryTalk View SE versions (affected versions not specified)
Description
The issue is related to improper validation of input filenames within a project directory, allowing a remote, unauthenticated attacker to potentially execute a crafted file on a remote endpoint, resulting in remote code execution (RCE).
Recommendations
Apply patch 1126289, but first ensure the patch rollup dated 06 Apr 2020 or later is installed.
As a temporary workaround, consider restricting access to the project directory to minimize the risk of exploitation.
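The weakness class behind this advisory is a filename taken from input and used under a project directory without proper validation, which the identifiers below label as relative path traversal. The following is an added example of the validation a defender would expect such a lookup to perform; it is not FactoryTalk View SE code, the function and class names are assumptions, and the sample filenames are constructed. It rejects absolute paths and drive prefixes, refuses any `..` segment before touching the filesystem, and then confirms that the resolved path (symlinks followed) still lies inside the project directory.

```python
import os
import re
import tempfile
from pathlib import Path

# Added illustration of the weakness class named in the advisory (relative path
# traversal through an unvalidated filename under a project directory). It is
# not FactoryTalk View SE code; names and the sample filenames are constructed.

_WIN_DRIVE = re.compile(r"^[A-Za-z]:")   # e.g. "C:" prefix, checked on every platform


class UnsafeFilenameError(ValueError):
    """Raised when a requested filename would escape the project directory."""


def resolve_project_file(project_dir: str, requested: str) -> Path:
    """Map `requested` to a path inside `project_dir`, or raise UnsafeFilenameError."""
    base = Path(project_dir).resolve()
    if not requested or requested != requested.strip():
        raise UnsafeFilenameError("empty or whitespace-padded filename")
    # Absolute paths, drive letters and UNC prefixes are never valid project filenames.
    if (os.path.isabs(requested) or _WIN_DRIVE.match(requested)
            or requested.startswith(("/", "\\"))):
        raise UnsafeFilenameError(f"absolute path rejected: {requested!r}")
    # Treat both separators as separators, then refuse any '..' segment
    # before the filesystem is consulted at all.
    parts = [p for p in requested.replace("\\", "/").split("/") if p not in ("", ".")]
    if not parts:
        raise UnsafeFilenameError("no filename component given")
    if ".." in parts:
        raise UnsafeFilenameError(f"relative path traversal rejected: {requested!r}")
    # Containment check after symlink resolution: a link inside the project
    # directory must not be allowed to point outside it.
    candidate = base.joinpath(*parts).resolve()
    if candidate != base and base not in candidate.parents:
        raise UnsafeFilenameError(f"path escapes project directory: {requested!r}")
    return candidate


def check_names(project_dir: str, names) -> dict:
    """Classify each filename as 'accepted' or 'rejected' by resolve_project_file."""
    verdicts = {}
    for name in names:
        try:
            resolve_project_file(project_dir, name)
            verdicts[name] = "accepted"
        except UnsafeFilenameError:
            verdicts[name] = "rejected"
    return verdicts


SAMPLE_NAMES = [  # constructed inputs, not taken from the advisory
    "display.gfx",
    "screens/main.gfx",
    "../outside.exe",
    "..\\..\\win.ini",
    "/etc/passwd",
    "C:\\Windows\\x.exe",
    "escape_link/anything.exe",
]


def demo() -> dict:
    """Run check_names in a throwaway project directory that contains one symlink
    pointing at the directory's parent, to exercise the containment check."""
    with tempfile.TemporaryDirectory() as project_dir:
        os.symlink(os.path.dirname(project_dir), os.path.join(project_dir, "escape_link"))
        return check_names(project_dir, SAMPLE_NAMES)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8s} {name}")
```

The order of the checks matters: the `..` test runs on the normalised string before any filesystem call, and the `resolve()` containment test runs after it, so a link planted inside the project directory cannot turn an otherwise clean name into a path outside it. Restricting who can write to the project directory, as the workaround above suggests, is what keeps that second check from being reachable in the first place.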
Exploit
Fix
Path traversal
Relative Path Traversal
RCE
Related Identifiers
Affected Products
FactoryTalk View SE