

Rewterz Threat Advisory – Multiple F5 BIG-IP Vulnerabilities
October 27, 2023
Rewterz Threat Alert – Lazarus (aka Hidden Cobra) APT Group – Active IOCs
October 27, 2023
Severity
High
Analysis Summary
CVE-2023-27858 CVSS:7.8
Rockwell Automation Arena could allow a remote attacker to execute arbitrary code on the system, caused by access of an uninitialized pointer. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-27854 CVSS:7.8
Rockwell Automation Arena could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-46289 CVSS:7.5
Rockwell Automation FactoryTalk View Site Edition is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-46290 CVSS:8.1
Rockwell Automation FactoryTalk Services Platform could allow a remote attacker to bypass security restrictions, caused by inadequate code logic in the web service. An attacker could exploit this vulnerability to obtain a local Windows OS user token and use it to log in to FactoryTalk Services Platform.
Impact
- Denial of Service
- Code Execution
- Security Bypass
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-27858
- CVE-2023-27854
- CVE-2023-46289
- CVE-2023-46290
Affected Vendors
Rockwell Automation
Affected Products
- Rockwell Automation Arena 16.20
- Rockwell Automation FactoryTalk View Site Edition 11.0
- Rockwell Automation FactoryTalk Services Platform 2.74
Remediation
Refer to the Rockwell Automation website for patch, upgrade, or suggested workaround information.