Privilege Escalation Vulnerability in Rockwell Automation FactoryTalk® Service Platform (FTSP)
CVE-2024-21915

8.8HIGH

Key Information:

Vendor: Rockwell Automation
Status: FactoryTalk® Service Platform
Vendor: CVE Published:; 16 February 2024

Summary

A privilege escalation vulnerability exists within Rockwell Automation's FactoryTalk® Service Platform (FTSP). This flaw enables an attacker with basic user privileges to gain unauthorized FTSP Administrator Group rights. An exploitation of this vulnerability could allow malicious actors to access, modify, or delete sensitive data, ultimately compromising the integrity and availability of the FTSP system. Affected users should assess their security posture and implement necessary mitigations.

Affected Version(s)

FactoryTalk® Service Platform <v2.74

References

https://www.rockwellautomation.com/en-us/support/advisory...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2024
Vulnerability Reserved
Jan 3, 2024