CVE-2024-21915 Rockwell Automation FactoryTalk® Service Platform Elevated Privileges Vulnerability Through Web Service Functionality

2024-02-1618:20:43

CWE-732

Rockwell

www.cve.org

rockwell automation

factorytalk service platform

privilege escalation

vulnerability

web service functionality

threat actor

sensitive data

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

Percentile

9.0%

JSON

A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FactoryTalk® Service Platform",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": " <v2.74"
      }
    ]
  }
]