Lucene search
PRIOn knowledge basePRION:CVE-2023-2638HistoryJun 13, 2023 - 9:15 p.m.
Authorization
2023-06-1321:15:00
PRIOn knowledge base
www.prio-n.com
5
authorization
factorytalk system services
configuration archives
vulnerability
user interaction
Rockwell Automationβs FactoryTalk System Services does not verify that a backup configuration archive is password protected.
Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives.Β This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited.
| CPE | Name | Operator | Version |
|---|---|---|---|
| factorytalk_policy_manager | eq | 6.11.0 | |
| factorytalk_system_services | eq | 6.11.0 |
Related
cve
cve
CVE-2023-2638
2023-06-13 21:15:09
cvelist
cvelist
nvd
nvd
CVE-2023-2638
2023-06-13 21:15:09
ics
ics
βRockwell Automation FactoryTalk Services Platform
2023-06-13 12:00:00