Rockwell Automation FactoryTalk Services Platform
Monitor · 7.5 · ICS-CERT ICSA-20-170-04 · Jun 18, 2020
Attack Vector: Adjacent
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
FactoryTalk Services Platform contains an input validation flaw (CWE-20) that allows unauthenticated attackers on the local network to execute COM objects with elevated system privileges. Successful exploitation could grant administrative-level access to manufacturing data systems and process control infrastructure. No patch is available from Rockwell Automation.
What this means
What could happen
An attacker on the local network could execute COM objects with elevated privileges on FactoryTalk Services Platform, potentially gaining administrative-level control over manufacturing systems and data management infrastructure.
Who's at risk
Manufacturing facilities using Rockwell Automation FactoryTalk Services Platform for process data management, recipe control, or operations oversight. Particularly relevant to automotive, pharmaceutical, chemical, and discrete manufacturing where FactoryTalk manages batch control, alarm handling, or central manufacturing data repositories.
How it could be exploited
An attacker with local network access could send specially crafted COM object requests to the FactoryTalk Services Platform without authentication. The vulnerability allows elevation of privilege, enabling the attacker to execute arbitrary COM objects with the privileges of the FactoryTalk service account (typically system or administrator level).
Prerequisites
- Local network access to FactoryTalk Services Platform (AV:A indicates adjacent network access)
- No valid credentials required
- High attack complexity (AC:H) suggests some specific conditions or timing may be required

- No authentication required
- Low attack complexity not indicated but AC:H suggests moderate difficulty
- Affects administrative/elevated privileges on critical systems
- No patch available (end-of-life product)
- Local network access only (not Internet-exploitable)
Exploitability
Moderate exploit probability (EPSS 1.6%)
Affected products (1)
Product | Affected Versions | Fix Status
FactoryTalk Services Platform: All versions | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Verify FactoryTalk Services Platform installation using Rockwell Automation Knowledgebase article 25612
- HARDENING: Minimize network exposure: ensure FactoryTalk Services Platform is not accessible from the Internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Implement secure communication strategy per Rockwell Automation Knowledgebase article 109056
- HARDENING: If remote access is required, implement VPN with current security updates
Mitigations - no patch available
FactoryTalk Services Platform: All versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Isolate FactoryTalk Services Platform and control system networks behind firewalls, separate from business network
CVEs (1)
API:
/api/v1/advisories/648c5fd9-77f4-43f2-b859-821d12ec7a1a