7 matches found
CVE-2021-27462
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...
CVE-2021-27468
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...
Deserialization of untrusted data
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...
Authentication flaw
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...
CVE-2021-27468 Rockwell Automation FactoryTalk AssetCentre SQL Injection
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...
CVE-2021-27468
Affected product: Rockwell Automation FactoryTalk AssetCentre (v10.00 and earlier).Vulnerable component: AosService.rem service, exposing functions with insufficient authentication.Vulnerability type/root cause: SQL Injection allowing execution of arbitrary SQL statements via remote, unauthentica...
CVE-2021-27462 Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre...