CVE-2020-14480

2022-02-2418:27:14

CWE-312

icscert

www.cve.org

plaintext storage

ram

local attacker

windows logon credentials

AI Score

5.4

Confidence

High

EPSS

Percentile

0.4%

JSON

Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials.

CNA Affected

[
  {
    "product": "FactoryTalk View SE",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "lessThanOrEqual": "9.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "10.0"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-20-177-03