Rewterz Threat Advisory – ICS: Rockwell Automation FactoryTalk AssetCentre Multiple Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-27462

A deserialization vulnerability exists in how the AosService.rem service in FactoryTalk AssetCentre verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.

CVE-2021-27466

A deserialization vulnerability exists in how the ArchiveService.rem service in FactoryTalk AssetCentre verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.

CVE-2021-27470

A deserialization vulnerability exists in how the LogService.rem service in FactoryTalk AssetCentre verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.

CVE-2021-27474

FactoryTalk AssetCentre does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre.

CVE-2021-27476

A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.

CVE-2021-27472

A vulnerability exists in the RunSearch function of the SearchService service, which may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.

CVE-2021-27468 

The AosService.rem service exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.

CVE-2021-27464 

The ArchiveService.rem service exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.

CVE-2021-27460

FactoryTalk AssetCentre components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines.

Impact

  • Arbitrary command execution
  • SQL injection
  • Remote code execution

Affected Vendors

Rockwell Automation

Affected Products

FactoryTalk AssetCentre v10.00 and earlier

Remediation

Refer to the ICS advisory for the complete list of affected products and their respective patches.

https://us-cert.cisa.gov/ics/advisories/icsa-21-091-01
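
A log review for the remoting endpoints named in the Analysis Summary, added here as an example (it is not code from Rewterz, CISA or Rockwell Automation): it lists requests to `.rem` endpoints in an IIS W3C log that originate outside the expected client networks. It assumes the services are hosted under IIS with W3C logging enabled; the sample log lines, the `/app/` path and the `10.20.0.0/24` allowlist are constructed.

```python
import ipaddress

# Service names and CVE ids as listed in the advisory above.
NAMED_ENDPOINTS = {
    "aosservice.rem": ["CVE-2021-27462", "CVE-2021-27468"],
    "archiveservice.rem": ["CVE-2021-27466", "CVE-2021-27464"],
    "logservice.rem": ["CVE-2021-27470"],
}

# Assumption: networks where AssetCentre clients and agents legitimately live.
EXPECTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample log (W3C extended format); "/app/" is a placeholder path.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2021-04-02 08:01:10 10.20.0.5 POST /app/AosService.rem - 80 - 10.20.0.31 200
2021-04-02 08:03:44 10.20.0.5 POST /app/ARCHIVESERVICE.REM - 80 - 192.0.2.77 200
2021-04-02 08:03:45 10.20.0.5 POST /app/LogService.rem - 80 - 192.0.2.77 500
2021-04-02 08:04:02 10.20.0.5 GET /app/default.aspx - 80 - 192.0.2.77 200
2021-04-02 08:05:19 10.20.0.5 POST /app/Other.rem - 80 - 198.51.100.9 200
"""


def unexpected_remoting_requests(log_text, expected_nets=EXPECTED_NETS):
    """Return one dict per request to a .rem endpoint from an unexpected source."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()   # IIS paths are case-insensitive
        if not stem.endswith(".rem"):
            continue
        try:
            src = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue                    # malformed row, skip it
        if any(src in net for net in expected_nets):
            continue
        service = stem.rsplit("/", 1)[-1]
        findings.append({"time": f'{row.get("date")} {row.get("time")}',
                         "source": str(src), "service": service,
                         "status": row.get("sc-status"), "cves": NAMED_ENDPOINTS.get(service, [])})
    return findings
```

Endpoints ending in `.rem` that the advisory does not name are still reported, with an empty `cves` list, since CVE-2021-27460 and CVE-2021-27474 concern the remoting services in general.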