CVE-2020-14481 Explained: Impact and Mitigation

FactoryTalk View SE by Rockwell Automation is vulnerable to weak encryption, allowing local attackers to decipher user credentials. Learn about the impact, affected versions, and mitigation steps.

FactoryTalk View SE by Rockwell Automation is affected by a vulnerability that allows a local attacker to decipher user credentials due to weak encryption. This could lead to unauthorized access to the operating system and FactoryTalk View SE components.

Understanding CVE-2020-14481

The vulnerability in FactoryTalk View SE could enable an attacker to gain access to sensitive user credentials and potentially compromise the system.

What is CVE-2020-14481?

The DeskLock tool in FactoryTalk View SE uses a weak encryption algorithm, allowing a local attacker to decrypt user credentials, including Windows user or DeskLock passwords. If the compromised user has administrative privileges, the attacker could exploit this to gain full system access.

The Impact of CVE-2020-14481

The vulnerability poses a significant security risk as it could lead to unauthorized access to the operating system and certain components of FactoryTalk View SE, compromising sensitive data and system integrity.

Technical Details of CVE-2020-14481

FactoryTalk View SE vulnerability details and affected systems.

Vulnerability Description

        Weak encryption algorithm in DeskLock tool
        Local attacker can decipher user credentials
        Risk of unauthorized access to the system

Affected Systems and Versions

        Product: FactoryTalk View SE
        Vendor: Rockwell Automation
        Versions: <= 9.0 (custom), 10.0

Exploitation Mechanism

        Local, authenticated attacker decrypts user credentials
        Potential access to Windows user and DeskLock passwords

Mitigation and Prevention

Protecting systems from CVE-2020-14481.

Immediate Steps to Take

        Disable DeskLock tool if not essential
        Monitor system for unauthorized access
        Implement strong password policies

Long-Term Security Practices

        Regularly update FactoryTalk View SE
        Conduct security training for users
        Implement multi-factor authentication

Patching and Updates

        Apply security patches from Rockwell Automation
        Stay informed about security advisories and updates
