CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38744 – FactoryTalk Alarm and Events Server Vulnerable to Denial-Of-Service Attack
https://notcve.org/view.php?id=CVE-2022-38744
An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML. Un atacante no autenticado con acceso a la red de la víctima del servicio de Eventos y Alarmas FactoryTalk de Rockwell Automation podría abrir una conexión, provocando que el servicio falle y deje de estar disponible. El puerto afectado podría utilizarse como puerto de ping del servidor y utiliza mensajes estructurados con XML. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136876 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14022
https://notcve.org/view.php?id=CVE-2017-14022
An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate. Se ha descubierto un problema de validación de entrada incorrecta en Rockwell Automation FactoryTalk Alarms and Events, versión 2.90 y anteriores. Un atacante sin autenticar con acceso remoto a red y con FactoryTalk Alarms and Events puede enviar un paquete que incluya un grupo de paquetes manipulados al puerto 403/TCP (el servicio archivador de historiales), lo que provocaría que el servicio se bloquease o se cerrase. • http://www.securityfocus.com/bid/102114 https://ics-cert.us-cert.gov/advisories/ICSA-17-341-02 • CWE-20: Improper Input Validation •