CyberSec.Space Logo
Back to CVE Browser

CVE-2020-12033

HIGH
8.8
CVSS Severity Score
EPSS Score0.1600%
EPSS Percentile40.82th
PublishedJun 23, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.

Affected Platforms (CPE)

📦
Rockwellautomation

Factorytalk Services Platform

All versions

References & Advisories

🔗 https://www.us-cert.gov/ics/advisories/icsa-20-170-04
🔗 https://www.us-cert.gov/ics/advisories/icsa-20-170-04

Related Vulnerabilities

CVE-2020-1451610.0

In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of th...

CVE-2020-69679.8

In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, Factory...

CVE-2021-329608.5

Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vu...

CVE-2012-47137.8

Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR...