CRITICAL🇵🇱 Wersja polska

CVE-2020-6967

CVSS 9.8v3.1pub. 2020-03-23upd. 2024-11-21

In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082, which can insecurely deserialize untrusted data.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Rockwellautomation Factorytalk Services Platform

    APP
    Rockwellautomation
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2021-22681CRITICAL9.8⚠ KEVten sam produkt

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 ...

CVE-2024-21915CRITICAL9.0PL ✓ten sam produkt

Privilege escalation w Rockwell Automation FactoryTalk Services Platform

CVE-2024-21917CRITICAL9.8PL ✓ten sam produkt

Rockwell Automation FactoryTalk — przechwycenie tokenu uwierzytelniającego (brak podpisu cyfrowego)

CVE-2020-14516CRITICAL10.0ten sam produkt

In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the ...

CVE-2023-46290HIGH8.1ten sam produkt

Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Wind...