History: Oct 27, 2022 - 2:15 p.m.

CVE-2022-38744

2022-10-27 14:15:10
CWE-287
Rockwell
web.nvd.nist.gov

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 26.0%

An unauthenticated attacker with network access to a victim’s Rockwell Automation FactoryTalk Alarm and
Events service could open a connection, causing the service to fault and become unavailable. The affected port
could be used as a server ping port and uses messages structured with XML.

Affected configurations

Nvd

Node: rockwellautomation factorytalk_alarms_and_events, Match: -

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| rockwellautomation | factorytalk_alarms_and_events | - | cpe:2.3:a:rockwellautomation:factorytalk_alarms_and_events:-:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "FactoryTalk Alarm and Events Server",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  }
]
