Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HRockwellautomation Factorytalk Services Platform
APPRockwellautomation< 2.80
Related vulnerabilities
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 ...
Privilege escalation w Rockwell Automation FactoryTalk Services Platform
Rockwell Automation FactoryTalk — przechwycenie tokenu uwierzytelniającego (brak podpisu cyfrowego)
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the ...
In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Servic...