Severity:
High
Advisory ID:
PN1515
Published Date:
June 25, 2020
Last Updated:
June 25, 2020
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2020-14480,
CVE-2020-14481
Summary
FactoryTalk View SE Credential Disclosure Vulnerabilities
Revision History
Revision Number
1.0
Revision History
Version 1.0 - June 25, 2020. Initial Release.
Executive Summary
Rockwell Automation received a report from Ilya Karpov and Evgeny Druzhinin who are part of the independent research team, ScadaX Security. They reported two vulnerabilities in FactoryTalk® View Site Edition (SE) software, which if successfully exploited, may result in the disclosure of Windows® Logon credentials (via the DeskLock software) or FactoryTalk View SE user credentials.
Customers using affected versions of this software are encouraged to evaluate the mitigations provided below and apply the appropriate mitigations to their deployed products. Additional details relating to the discovered vulnerability, including affected products and recommended countermeasures, are provided herein.
Customers using affected versions of this software are encouraged to evaluate the mitigations provided below and apply the appropriate mitigations to their deployed products. Additional details relating to the discovered vulnerability, including affected products and recommended countermeasures, are provided herein.
Affected Products
CVE-2020-14480: FactoryTalk View SE versions 9.0 and earlier.
CVE-2020-14481: FactoryTalk View SE version 10.0.
CVE-2020-14481: FactoryTalk View SE version 10.0.
Vulnerability Details
CVE-2020-14480: Cleartext Storage of Sensitive Information in Memory
A local, authenticated attacker may have access to certain credentials, including Windows Logon credentials, as a result of usernames/passwords being stored in plaintext in Random Access Memory (RAM).
CVSS v3.1 Base Score: 8.8/HIGH
CVSS v3.1 Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2020-14481: Use of a Weak Algorithm for Password Protection
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.
CVSS v3.1 Base Score: 8.8/HIGH
CVSS v3.1 Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Risk Mitigation & User Action
Customers using the affected versions of DeskLock provided with FactoryTalk View SE are encouraged to update to an available software version that addresses the associated risk. Customers who are unable to update are directed towards risk mitigation strategies provided below, and are encouraged, when possible, to combine these with the general security guidelines to employ multiple strategies simultaneously.
| Product Family | Catalog Numbers | CVE # | Suggested Actions |
| FactoryTalk View SE | 9701-VWSx | CVE-2020-14480 | Download v10.0 or later. |
| FactoryTalk View SE | 9701-VWSx | CVE-2020-14481 | Download v11.0 or later. |
General Security Guidelines
GENERAL SECURITY GUIDELINES
Refer to our Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.
See the Network Services Overview Page for information on network and security services for Rockwell Automation to enable assessment, design, implementation and management of validated, secure network architectures.
We also recommend that concerned customers continue to monitor this advisory by subscribing to updates on the Security Advisory Index for Rockwell Automation at PN1354 - Industrial Security Advisory Index.
Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, visit the Rockwell Automation Security Solutions website.
Requests for additional information can be sent to the RASecure Inbox (rasecure@ra.rockwell.com).
Please direct all media inquiries to Kolve Byrd (KAByrd@ra.rockwell.com).
ADDITIONAL LINKS
- Run all software as User, not as an Administrator, to minimize the impact of malicious code on the infected system.
- Use of Microsoft® AppLocker or other similar whitelisting application can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at Knowledgebase Article ID QA17329.
- Ensure that the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.
- Use trusted software, software patches, antivirus/antimalware programs and interact only with trusted websites and attachments.
Refer to our Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.
See the Network Services Overview Page for information on network and security services for Rockwell Automation to enable assessment, design, implementation and management of validated, secure network architectures.
We also recommend that concerned customers continue to monitor this advisory by subscribing to updates on the Security Advisory Index for Rockwell Automation at PN1354 - Industrial Security Advisory Index.
Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, visit the Rockwell Automation Security Solutions website.
Requests for additional information can be sent to the RASecure Inbox (rasecure@ra.rockwell.com).
Please direct all media inquiries to Kolve Byrd (KAByrd@ra.rockwell.com).
ADDITIONAL LINKS
- PN1354 - Industrial Security Advisory Index.
- Industrial Firewalls within a CPwE Architecture
- Deploying Industrial Firewalls within a CPwE Architecture Design and Implementation Guide
- https://www.us-cert.gov/ics/advisories/icsa-20-177-03
Copyright ©2022 Rockwell Automation, Inc.