Infrastructure Briefing — Rockwell FactoryTalk Services Platform vulnerability
CISA’s ICSA-20-170-04 warns that the FactoryTalk Services Platform redundancy service fails to validate identifiers, allowing adjacent attackers to execute COM objects with elevated privileges across food, transportation, and water control systems.
Executive briefing: CISA assigned CVE-2020-12033 (CVSS 7.5) to improper input validation in the FactoryTalk Services Platform redundancy host. Because all platform versions are affected, food and beverage, water, and transportation operators need immediate exposure mapping, compensating controls, and vendor remediation plans.
Mitigation priorities
- Identify installations. Use Rockwell Knowledgebase article 25612 to confirm where FactoryTalk Services Platform components run within plant historians, sequencing servers, and engineering workstations.
- Lock down adjacency. Until a vendor fix is deployed, restrict network paths to redundancy services, enforce jump hosts, and monitor COM/DCOM calls originating from untrusted segments.
- Document defense-in-depth. Capture the segmentation, VPN, and remote-access controls you apply so regulators see adherence to CISA’s ICS recommended practices.
Source excerpts
Primary — Exploit impact: “Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute remote COM objects with elevated privileges.”
CISA ICSA-20-170-04
Primary — Root cause: “The affected product’s redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.”
CISA ICSA-20-170-04