28 matches found
EUVD-2023-33929
Malicious code in bioql PyPI...
EUVD-2022-42582
Malicious code in bioql PyPI...
CVE-2023-2444
A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, t...
CVE-2022-3158
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully...
The vulnerability of the FactoryTalk VantagePoint data processing software, related to the ability to forge inter-site requests, allows a perpetrator to carry out inter-site request forgery.
The vulnerability of the FactoryTalk VantagePoint data software relates to the possibility of inter-site queries being forged. Exploiting this vulnerability could allow a malicious actor to perform inter-site query forgery remotely...
Rockwell Automation FactoryTalk Vantagepoint
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Vantagepoint Vulnerabilities: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to impersonate...
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems ICS advisories on May 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-136-01 Snap One OvrC Cloud ICSA-23-136-02 Rockwell ArmorStart ICSA-23-136-03 Rockwell...
CVE-2023-2444
A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, t...
CVE-2023-2444
A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, t...
Cross site request forgery (csrf)
A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, t...
CVE-2023-2444
A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, t...
CVE-2023-2444
CVE-2023-2444 is a CSRF vulnerability in Rockwell Automation FactoryTalk Vantagepoint. Affected product: FactoryTalk Vantagepoint (all versions prior to 8.40). Root cause: insufficient verification of data authenticity enabling CSRF attacks that could impersonate a legitimate user and send reques...
Rockwell Automation FactoryTalk Vantagepoint 跨站请求伪造漏洞
Rockwell Automation FactoryTalk Vantagepoint is Rockwell Automation's platform for organizing, correlating, and normalizing disparate data from manufacturing and production processes and business systems in the Unified Production Model UPM. A cross-site request forgery vulnerability exists in...
CVE-2022-3158
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully...
CVE-2022-3158
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully...
Input validation
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully...
CVE-2022-38743
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. ...
CVE-2022-38743
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. ...
Improper access control
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. ...
CVE-2022-38743
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. ...