PT-2022-8569 · Rockwell Automation · Factorytalk View Se

Published

2022-02-24

Updated

2022-03-04

CVE-2020-14481

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FactoryTalk View SE (affected versions not specified)

Description The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326CWE-261

Related Identifiers

CVE-2020-14481

Affected Products

Factorytalk View Se

PT-2022-8569 · Rockwell Automation · Factorytalk View Se

CVE-2020-14481

Weakness Enumeration

Related Identifiers

Affected Products

References · 5