CVE CVE-2020-12029 Mappings

All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.


Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2020-12029 FactoryTalk View SE primary_impact T1505.003 Web Shell
CVE-2020-12029 FactoryTalk View SE secondary_impact T1059 Command and Scripting Interpreter
CVE-2020-12029 FactoryTalk View SE exploitation_technique T1133 External Remote Services