Lucene search
Tobias Scharnowski (@ScepticCtf), Niklas Breitfeld (@brymko), Ali Abbasi (@bl4ckic3), researchers at the Chair for Systems Security (SysSec) at Ruhr-University BochumZDI-20-731HistoryJun 22, 2020 - 12:00 a.m.
(Pwn2Own) Rockwell Automation FactoryTalk View SE Project File Parsing Out-Of-Bounds Access Remote Code Execution Vulnerability
2020-06-2200:00:00
Tobias Scharnowski (@ScepticCtf), Niklas Breitfeld (@brymko), Ali Abbasi (@bl4ckic3), researchers at the Chair for Systems Security (SysSec) at Ruhr-University Bochum
www.zerodayinitiative.com
28
EPSS
0.001
Percentile
28.2%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation FactoryTalk View SE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
prion
prion
Memory corruption
2020-07-20 16:15:00
nessus
nessus
Rockwell (CVE-2020-12031) (deprecated)
2022-02-07 00:00:00
nvd
nvd
CVE-2020-12031
2020-07-20 16:15:12
cvelist
cvelist
CVE-2020-12031 Rockwell Automation FactoryTalk View SE
2020-07-20 15:10:06
cve
cve
CVE-2020-12031
2020-07-20 16:15:12
ics
ics
Rockwell Automation FactoryTalk View SE
2020-06-18 12:00:00