Rockwell Automation FactoryTalk Services Platform Protection Mechanism Failure
CVE-2021-32960
8.5 HIGH
Key Information:
- Vendor: Rockwell Automation
- CVE Published: 1 April 2022
Summary
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed, contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine.
Affected Version(s)
FactoryTalk Services Platform < 6.11
CVSS V3.1
- Score: 8.5
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rockwell Automation reported this vulnerability to CISA.