Rewterz Threat Advisory – ICS: Rockwell FactoryTalk View SE

Rewterz Threat Alert – Latest Emotet IOCs

June 26, 2020

Malware Analysis – Malicious Macros

June 26, 2020

Rewterz Threat Advisory – ICS: Rockwell FactoryTalk View SE

Severity

High

Analysis Summary

CVE-2020-14481

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.

CVE-2020-14480

Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials.

Impact

Plaintext Storage of Sensitive Information
Weak Encoding for Password

Affected Vendors

Rockwell Automation

Affected Products

FactoryTalk View SE Versions 9.0 and earlier
FactoryTalk View SE Version 10.0

Remediation

Users of the affected versions of DeskLock provided with FactoryTalk View SE can update to v10.0 or later.

Rewterz Threat Alert – Latest Emotet IOCs

Malware Analysis – Malicious Macros

Rewterz Threat Advisory – ICS: Rockwell FactoryTalk View SE

Severity

Analysis Summary

CVE-2020-14481

CVE-2020-14480

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan