CVE-2020-14481 — HIGH (7.8)

Q: How severe is CVE-2020-14481?

CVE-2020-14481 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-14481?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Factorytalk View.

Vulnerability Description

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rockwellautomation	Factorytalk View	<= 9.0

Related Weaknesses (CWE)

CWE-326 CWE-261

References

https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03MitigationThird Party AdvisoryUS Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03MitigationThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-14481?

CVE-2020-14481 is a vulnerability with a CVSS score of 7.8 (HIGH). The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows ...

How severe is CVE-2020-14481?

CVE-2020-14481 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14481?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Factorytalk View.