All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.

Related CVEs

CVE-2020-12029

Key Information

GHSA ID

GHSA-v98p-v8hm-3f7c

Published

May 24, 2022 10:28 PM

Last Modified

May 24, 2022 10:28 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 16, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.