Severity
High
Analysis Summary
CVE-2023-2639 CVSS:4.1
Rockwell Automation FactoryTalk Services Platform could allow a remote authenticated attacker to obtain sensitive information, caused by origin validation errors. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-2638 CVSS:5.9
Rockwell Automation FactoryTalk Services Platform could allow a local authenticated attacker to bypass security restrictions, caused by improper authorization in FTSSBackupRestore.exe. By using a malicious backup archive. an attacker could exploit this vulnerability to cause the loading of malicious configuration archives.
CVE-2023-2637 CVSS:7.3
Rockwell Automation FactoryTalk Services Platform contains default hardcoded cryptographic key. A local authenticated attacker could exploit this vulnerability to generate administrator cookies.
CVE-2023-2778 CVSS:7.5
Rockwell Automation FactoryTalk Transaction Manager is vulnerable to a denial of service, caused by uncontrolled resource consumption flaw. By sending a modified packet to port 400, a remote attacker could exploit this vulnerability to cause a crash or experience a high CPU or memory usage condition.
Impact
- Information Disclosure
- Security Bypass
- Denial of Service
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-2639
- CVE-2023-2638
- CVE-2023-2637
- CVE-2023-2778
Affected Vendors
Rockwell Automation
Affected Products
- Rockwell Automation FactoryTalk Policy Manager 6.11.0
- Rockwell Automation FactoryTalk System Services 6.11.0
- Rockwell Automation FactoryTalk Transaction Manager 13.10
Remediation
Refer to Rockwell Automation Web site for patch, upgrade or suggested workaround information.