Lucene search
K

158 matches found

Prion
Prion
added 2023/10/06 7:15 p.m.14 views

Code injection

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

1.7CVSS5.4AI score0.0014EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/10/06 6:48 p.m.124 views

CVE-2023-21253

CVE-2023-21253 describes a resource exhaustion condition that can crash multiple system services, leading to local DoS with no required user interaction. The impact is limited to denial of service on affected Android/Linux components; no remote context is implied. Public details indicate the issu...

5.5CVSS5.4AI score0.0014EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/06 12:0 a.m.4 views

PT-2023-18039 · Google +6 · Android +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to resource exhaustion, which can cause multiple system services to crash, leading to a local denial of service. No additional...

5.5CVSS5.2AI score0.0014EPSS
Exploits0References12
OSV
OSV
added 2023/10/01 12:0 a.m.26 views

ASB-A-266580022

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.4AI score0.0014EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/08/25 10:15 p.m.5 views

CVE-2023-41121

Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations...

7.5CVSS5.8AI score0.00633EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/07/25 12:0 a.m.7 views

The vulnerability of the FactoryTalk Policy Manager and FactoryTalk System Services software, related to the use of a hard-coded cryptographic key, allows attackers to escalate their privileges.

The vulnerability of the FactoryTalk Policy Manager and FactoryTalk System Services software lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow attackers to enhance their privileges...

7.3CVSS7.4AI score0.00203EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.9 views

The vulnerabilities of the FactoryTalk Policy Manager and FactoryTalk System Services software allow attackers to disclose protected information.

The vulnerabilities of the FactoryTalk Policy Manager and FactoryTalk System Services software are related to deficiencies in the data source verification mechanism. Exploitation of these vulnerabilities can allow attackers to disclose protected information...

4.1CVSS5.5AI score0.00384EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.9 views

The vulnerability of the executable file FTSSBackupRestore.exe of the FactoryTalk Policy Manager and FactoryTalk System Services software allows a perpetrator to upload malicious configuration files.

The vulnerability of the executable file FTSSBackupRestore.exe from the manufacturing process management software FactoryTalk Policy Manager and the FactoryTalk System Services system service is related to deficiencies in the authentication process. Exploiting this vulnerability could allow...

5.9CVSS5.8AI score0.00197EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2023/06/13 9:15 p.m.22 views

CVE-2023-2639

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat acto...

4.7CVSS4.9AI score0.00384EPSS
Exploits0References1
OSV
OSV
added 2023/06/13 9:15 p.m.4 views

CVE-2023-2639

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat acto...

4.7CVSS5.8AI score0.00384EPSS
Exploits0References1
OSV
OSV
added 2023/06/13 9:15 p.m.3 views

CVE-2023-2637

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...

8.2CVSS5.8AI score0.00203EPSS
Exploits0References1
NVD
NVD
added 2023/06/13 9:15 p.m.22 views

CVE-2023-2637

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...

8.2CVSS7.6AI score0.00203EPSS
Exploits0References1
NVD
NVD
added 2023/06/13 9:15 p.m.31 views

CVE-2023-2638

Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin...

5.9CVSS6.1AI score0.00197EPSS
Exploits0References1
Prion
Prion
added 2023/06/13 9:15 p.m.23 views

Authorization

Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin...

1.5CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/06/13 9:15 p.m.18 views

Hardcoded credentials

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...

4.1CVSS8AI score0.00203EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/06/13 9:15 p.m.23 views

Design/Logic Flaw

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat acto...

4.3CVSS5.6AI score0.00384EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/06/13 8:28 p.m.14 views

CVE-2023-2639 Rockwell Automation FactoryTalk System Services Vulnerable to Sensitive Information Disclosure

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat acto...

4.1CVSS6.5AI score0.00384EPSS
Exploits0References1
CVE
CVE
added 2023/06/13 8:28 p.m.55 views

CVE-2023-2639

Rockwell Automation’s FactoryTalk System Services vulnerability (CVE-2023-2639) stems from an origin validation error in the local client verification for the FactoryTalk Policy Manager rules flow. The issue could allow a remote attacker to coax a user to visit a malicious site that interacts wit...

4.7CVSS4.9AI score0.00384EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/06/13 8:25 p.m.38 views

CVE-2023-2638 Rockwell Automation FactoryTalk System Services Vulnerable to a Denial-of-Service Attack

Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin...

5.9CVSS5.8AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2023/06/13 8:25 p.m.60 views

CVE-2023-2638

Rockwell Automation’s FactoryTalk System Services is affected by CVE-2023-2638 due to improper authorization in the FTSSBackupRestore.exe component, which does not verify that backup configuration archives are password protected. This can allow a local, authenticated non-admin user to craft a mal...

5.9CVSS5.6AI score0.00197EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder