Rockwell Automation FactoryTalk AssetCentre SQL Injection
CVE-2021-27472

10CRITICAL

Key Information:

Vendor: Rockwell Automation
Status: Factorytalk Assetcentre
Vendor: CVE Published:; 23 March 2022

Summary

A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements.

Affected Version(s)

FactoryTalk AssetCentre <= unspecified

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01

x_refsource_CONFIRM

https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsi...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 23, 2022
Vulnerability Reserved
Feb 19, 2021