A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.
References
Link | Resource |
---|---|
https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html | Vendor Advisory |
History
08 Feb 2024, 01:29
Type | Values Removed | Values Added |
---|---|---|
First Time | Rockwellautomation factorytalk Services Platform; Rockwellautomation | |
References | () https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html - Vendor Advisory | |
CPE | cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:* | |
CWE | CWE-347 | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 9.1 |
31 Jan 2024, 19:54
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-31 19:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-21917
Mitre link : CVE-2024-21917
CVE.ORG link : CVE-2024-21917
Products Affected
rockwellautomation
- factorytalk_services_platform
CWE
CWE-347
Improper Verification of Cryptographic Signature