FactoryTalk View SE contains multiple vulnerabilities that allow authenticated attackers to manipulate data in the HMI application. CVE-2020-12029 and CVE-2020-12031 involve input validation and buffer overflow flaws (CWE-20, CWE-119). CVE-2020-12028 and CVE-2020-12027 involve improper access controls and information disclosure (CWE-285, CWE-200) that allow unauthorized data modification and viewing. An attacker with valid credentials or local system access to a FactoryTalk View SE workstation can exploit these flaws to alter process data, displays, and logs without authorization. Successful exploitation could affect operator situational awareness, production records, and system integrity.
What this means
What could happen
An authenticated attacker with local access to a FactoryTalk View SE workstation could manipulate data and process variables in the HMI, potentially altering operator displays, process setpoints, or production logs without authorization.
Who's at risk
Rockwell Automation FactoryTalk View SE operators and engineers should prioritize patching. This HMI software is critical for process monitoring and control in manufacturing, food and beverage, chemical processing, and utility automation environments. All versions are affected, making this a broad risk across sites using this widely deployed application.
How it could be exploited
An attacker with valid credentials on a FactoryTalk View SE workstation can use input validation flaws (CWE-20) and buffer overflow vulnerabilities (CWE-119) to modify data in memory or exploit weak access controls (CWE-285) to escalate privileges and manipulate application data. The attacker must have local or authenticated remote access to the affected workstation running FactoryTalk View SE.
Prerequisites
Valid FactoryTalk View SE user credentials or local system access
Access to a workstation running an affected version of FactoryTalk View SE
Ability to interact with the FactoryTalk View SE application interface or underlying system
High EPSS score (29.9%)Requires valid credentials but local/authenticated access onlyAffects data integrity and process visibilityAll versions vulnerableMultiple vulnerabilities (CWE-20, CWE-119, CWE-285, CWE-200)
Exploitability
High exploit probability (EPSS 29.9%)
Affected products (1)
ProductAffected VersionsFix Status
FactoryTalk View SE: All versionsAll versionspatch rollup 1066644 (06 Apr 2020 or later) plus patches 1126289 and 1126290
Remediation & Mitigation
0/5
Schedule — requires maintenance window
0/5
Patching may require device reboot — plan for process interruption
HOTFIXApply patch 1126289 (with prerequisite rollup 1066644 dated 06 Apr 2020 or later) for CVE-2020-12029
HOTFIXApply patch 1126290 (with prerequisite rollup 1066644 dated 06 Apr 2020 or later) for CVE-2020-12031
HARDENINGEnable IPSec within FactoryTalk View SE per knowledge base article 109056 to protect data in transit for CVE-2020-12028
HARDENINGEnable HTTPS within FactoryTalk View SE per knowledge base article 1126943 to protect data in transit for CVE-2020-12027
HARDENINGRestrict local and remote access to FactoryTalk View SE workstations to authorized operators and engineers only