Rockwell Automation FactoryTalk Services Platform Elevated Privileges Vulnerability
CVE-2023-46290

8.1HIGH

Key Information:

Vendor: Rockwell Automation
Status: FactoryTalk® Services Platform
Vendor: CVE Published:; 27 October 2023

Summary

A configuration flaw in the FactoryTalk® Services Platform web service enables a potential unauthorized actor to gain access to a local Windows OS user token. If an authorized user has not logged into the web service previously, the attacker could leverage this vulnerability to log into the platform without valid credentials, compromising system integrity.

Affected Version(s)

FactoryTalk® Services Platform versions before 2.80

References

https://rockwellautomation.custhelp.com/app/answers/answe...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 27, 2023
Vulnerability Reserved
Oct 20, 2023

Credit

This vulnerability was found internally during routine testing.