CRITICAL🇬🇧 English

CVE-2021-27470

CVSS 10.0v3.1pub. 2022-03-23upd. 2024-11-21

A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
  • Rockwellautomation Factorytalk Assetcentre

    APP
    Rockwellautomation
    ≤ 10.00
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth BypassDeserialization
CWE
Referencje

Powiązane podatności

CVE-2025-0477CRITICAL9.3PL ✓ten sam produkt

Słabe szyfrowanie haseł w Rockwell Automation FactoryTalk AssetCentre

CVE-2021-27464CRITICAL10.0ten sam produkt

The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes funct...

CVE-2021-27466CRITICAL10.0ten sam produkt

A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTal...

CVE-2021-27468CRITICAL10.0ten sam produkt

The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions...

CVE-2021-27462CRITICAL10.0ten sam produkt

A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk As...