838 matches found
CVE-2022-38743
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. ...
CVE-2022-38743
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. ...
Improper access control
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. ...
CVE-2022-3158
CVE-2022-3158 affects Rockwell Automation FactoryTalk VantagePoint (versions 8.0, 8.10, 8.20, 8.30, 8.31). The issue is an input validation vulnerability in the FactoryTalk VantagePoint SQL Server that allows SQL statements to be executed without proper validation, enabling a user with basic priv...
PT-2022-20853 · Rockwell Automation · Factorytalk Vantagepoint
Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 Description: The issue is related to an input validation vulnerability in the FactoryTalk VantagePoint SQL Server. This vulnerability occurs because the server...
CVE-2022-3158
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully...
CVE-2022-38743
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. ...
CVE-2022-3158
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully...
CVE-2022-38743
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. ...
PT-2022-24548 · Rockwell Automation · Factorytalk Vantagepoint
Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 Description: The issue is related to an improper access control vulnerability. A malicious user with read-only privileges could potentially execute SQL statemen...
CVE-2022-38743
CVE-2022-38743 affects Rockwell Automation’s FactoryTalk VantagePoint . The issue is an improper access control vulnerability in the SQLServer account used by VantagePoint, allowing a user with read-only privileges to run SQL statements against the back-end database and potentially execute arbitr...
Vulnerabilities fixed in Rockwell FactoryTalk Vantagepoint
Rockwell Automation has fixed two vulnerabilities in FactoryTalk Vantagepoint. A malicious person with limited privileges could exploit the vulnerabilities to use SQL injection to gain access gain access to sensitive data and execute arbitrary code on the underlying SQL Database. Rockwell...
CISA Releases Two Industrial Control Systems Advisories
CISA released two 2 Industrial Control Systems ICS advisories on October 06, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
Rockwell Automation FactoryTalk VantagePoint
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk VantagePoint software Vulnerabilities: Improper Access Control, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
Rockwell Products Impacted by Chromium Type Confusion
1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: Low attack complexity/public exploits are available Vendor: Rockwell Automation Equipment: FactoryTalk Software, Enhanced HIM for PowerFlex, Connected Components Workbench Vulnerability: Type Confusion 2. RISK EVALUATION Successful exploitation of this...
The vulnerability of the SaveConfigFile function of the RACompare service in the FactoryTalk AssetCentre software allows a perpetrator to execute arbitrary commands.
The vulnerability of the SaveConfigFile function in the RACompare service of the FactoryTalk AssetCentre software exists because measures to neutralize the special elements used in the operating system commands are not taken. Exploiting this vulnerability allows a malicious actor to execute...
CVE-2021-32960
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may all...
CVE-2021-32960
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may all...
Security feature bypass
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may all...
CVE-2021-32960 Rockwell Automation FactoryTalk Services Platform Protection Mechanism Failure
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may all...