Details of VAR-202006-1882

ID

VAR-202006-1882

CVE

CVE-2020-14480

TITLE

FactoryTalk View Vulnerability in plaintext storage of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2022-006075

DESCRIPTION

Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials. FactoryTalk View There is a vulnerability in plaintext storage of important information.Information may be obtained. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface of Rockwell Automation. An information disclosure vulnerability exists in Rockwell Automation FactoryTalk View SE, which can be used by attackers to obtain sensitive information

Trust: 2.25

sources: NVD: CVE-2020-14480 // JVNDB: JVNDB-2022-006075 // CNVD: CNVD-2020-38417 // VULHUB: VHN-167363

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-38417

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	factorytalk view	scope:	lte	version:	9.0	Trust: 1.0
vendor:	rockwellautomation	model:	factorytalk view	scope:	eq	version:	10.0	Trust: 1.0
vendor:	rockwell automation	model:	factorytalk view	scope:	eq	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	factorytalk view	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell	model:	automation factorytalk view se	scope:	lte	version:	<=9.0	Trust: 0.6
vendor:	rockwell	model:	automation factorytalk view se	scope:	eq	version:	1.0	Trust: 0.6

sources: CNVD: CNVD-2020-38417 // JVNDB: JVNDB-2022-006075 // NVD: CVE-2020-14480

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14480
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2020-14480
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-14480
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-38417
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202006-1739
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-167363
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-14480
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-38417
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-167363
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-14480
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2020-14480
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-38417 // VULHUB: VHN-167363 // JVNDB: JVNDB-2022-006075 // CNNVD: CNNVD-202006-1739 // NVD: CVE-2020-14480 // NVD: CVE-2020-14480

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.1
problemtype:	Plaintext storage of important information (CWE-312) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-167363 // JVNDB: JVNDB-2022-006075 // NVD: CVE-2020-14480

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1739

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1739

PATCH

title:	Top Page	url:	https://www.rockwellautomation.com/en-us.html	Trust: 0.8
title:	Patch for Rockwell Automation FactoryTalk View SE Information Disclosure Vulnerability (CNVD-2020-38417)	url:	https://www.cnvd.org.cn/patchInfo/show/225335	Trust: 0.6
title:	Rockwell Automation FactoryTalk View SE Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122382	Trust: 0.6

sources: CNVD: CNVD-2020-38417 // JVNDB: JVNDB-2022-006075 // CNNVD: CNNVD-202006-1739

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14480	Trust: 3.9
db:	ICS CERT	id:	ICSA-20-177-03	Trust: 3.1
db:	JVNDB	id:	JVNDB-2022-006075	Trust: 0.8
db:	CNVD	id:	CNVD-2020-38417	Trust: 0.7
db:	CNNVD	id:	CNNVD-202006-1739	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2210	Trust: 0.6
db:	VULHUB	id:	VHN-167363	Trust: 0.1

sources: CNVD: CNVD-2020-38417 // VULHUB: VHN-167363 // JVNDB: JVNDB-2022-006075 // CNNVD: CNNVD-202006-1739 // NVD: CVE-2020-14480

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03	Trust: 2.5
url:	https://www.us-cert.gov/ics/advisories/icsa-20-177-03	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14480	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2210/	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2020-14480/	Trust: 0.6

sources: CNVD: CNVD-2020-38417 // VULHUB: VHN-167363 // JVNDB: JVNDB-2022-006075 // CNNVD: CNNVD-202006-1739 // NVD: CVE-2020-14480

SOURCES

db:	CNVD	id:	CNVD-2020-38417
db:	VULHUB	id:	VHN-167363
db:	JVNDB	id:	JVNDB-2022-006075
db:	CNNVD	id:	CNNVD-202006-1739
db:	NVD	id:	CVE-2020-14480

LAST UPDATE DATE

2025-04-18T23:36:36.132000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-38417	date:	2020-07-13T00:00:00
db:	VULHUB	id:	VHN-167363	date:	2022-03-04T00:00:00
db:	JVNDB	id:	JVNDB-2022-006075	date:	2023-06-28T07:36:00
db:	CNNVD	id:	CNNVD-202006-1739	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2020-14480	date:	2025-04-17T19:15:50.073

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-38417	date:	2020-07-13T00:00:00
db:	VULHUB	id:	VHN-167363	date:	2022-02-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-006075	date:	2023-06-28T00:00:00
db:	CNNVD	id:	CNNVD-202006-1739	date:	2020-06-25T00:00:00
db:	NVD	id:	CVE-2020-14480	date:	2022-02-24T19:15:08.807