CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2444
https://notcve.org/view.php?id=CVE-2023-2444
11 May 2023 — A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139443 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-38743
https://notcve.org/view.php?id=CVE-2022-38743
17 Oct 2022 — Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data. Rockwell Automation FactoryTalk VantagePoint versiones 8.0, 8.10, 8.20, 8.30, 8.31, son suscepti... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3158
https://notcve.org/view.php?id=CVE-2022-3158
17 Oct 2022 — Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server. Rockwell Automation FactoryTalk VantagePoint versiones 8.0, 8.10, 8.20, 8.30 y 8.31, son vulnerables a u... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •