CVE-2024-21917

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*

History

08 Feb 2024, 01:29

Type	Values Removed	Values Added
First Time		Rockwellautomation factorytalk Services Platform Rockwellautomation
References	~~() https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html -~~	() https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html - Vendor Advisory
CPE		cpe:2.3:a:rockwellautomation:factorytalk_services_platform::::::::
CWE		CWE-347
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1

31 Jan 2024, 19:54

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-31 19:15

Updated : 2024-02-28 20:54

NVD link : CVE-2024-21917

Mitre link : CVE-2024-21917

CVE.ORG link : CVE-2024-21917

JSON object : View

Products Affected

rockwellautomation

factorytalk_services_platform

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2024-21917", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-01-31T19:15:08.633", "references": [{"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html", "tags": ["Vendor Advisory"], "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}, {"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "\nA vulnerability exists in Rockwell Automation FactoryTalk\u00ae Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. \u00a0If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad en Rockwell Automation FactoryTalk\u00ae Service Platform que permite a un usuario malintencionado obtener el token de servicio y usarlo para autenticaci\u00f3n en otro directorio FTSP. Esto se debe a la falta de firma digital entre el token del servicio FTSP y el directorio. Si se explota, un usuario malintencionado podr\u00eda potencialmente recuperar informaci\u00f3n del usuario y modificar la configuraci\u00f3n sin ninguna autenticaci\u00f3n."}], "lastModified": "2024-02-08T01:29:32.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B58012D3-971A-4BE7-984B-D26120477A6C", "versionEndIncluding": "6.31.00"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}