18 matches found
EUVD-2023-34103
Malicious code in bioql PyPI...
CVE-2023-2637
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...
Rockwell Automation FactoryTalk System Services and Policy Manager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.0 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk System Services and Policy Manager Vulnerabilities : Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
PT-2024-8934 · Rockwell Automation · Factorytalk System Services +1
Name of the Vulnerable Software and Affected Versions: FactoryTalk Policy Manager affected versions not specified FactoryTalk System Services affected versions not specified Description: The issue is related to insufficient private key storage permissions in the software, potentially allowing an...
The vulnerability of the FactoryTalk Policy Manager and FactoryTalk System Services software, related to the use of a hard-coded cryptographic key, allows attackers to escalate their privileges.
The vulnerability of the FactoryTalk Policy Manager and FactoryTalk System Services software lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow attackers to enhance their privileges...
The vulnerability of the executable file FTSSBackupRestore.exe of the FactoryTalk Policy Manager and FactoryTalk System Services software allows a perpetrator to upload malicious configuration files.
The vulnerability of the executable file FTSSBackupRestore.exe from the manufacturing process management software FactoryTalk Policy Manager and the FactoryTalk System Services system service is related to deficiencies in the authentication process. Exploiting this vulnerability could allow...
The vulnerabilities of the FactoryTalk Policy Manager and FactoryTalk System Services software allow attackers to disclose protected information.
The vulnerabilities of the FactoryTalk Policy Manager and FactoryTalk System Services software are related to deficiencies in the data source verification mechanism. Exploitation of these vulnerabilities can allow attackers to disclose protected information...
CVE-2023-2639
The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat acto...
CVE-2023-2637
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...
CVE-2023-2638
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin...
Hardcoded credentials
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...
Authorization
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin...
Design/Logic Flaw
The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat acto...
CVE-2023-2639
Rockwell Automation’s FactoryTalk System Services vulnerability (CVE-2023-2639) stems from an origin validation error in the local client verification for the FactoryTalk Policy Manager rules flow. The issue could allow a remote attacker to coax a user to visit a malicious site that interacts wit...
CVE-2023-2639 Rockwell Automation FactoryTalk System Services Vulnerable to Sensitive Information Disclosure
The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat acto...
CVE-2023-2638 Rockwell Automation FactoryTalk System Services Vulnerable to a Denial-of-Service Attack
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin...
CVE-2023-2638 Rockwell Automation FactoryTalk System Services Vulnerable to a Denial-of-Service Attack
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin...
CVE-2023-2637 Rockwell Automation FactoryTalk System Services Vulnerable To Use Of Hard-Coded Cryptographic Key
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...