
CVE-2021-27464 – Rockwell Automation FactoryTalk AssetCentre SQL Injection
https://notcve.org/view.php?id=CVE-2021-27464
23 Mar 2022 — The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. • https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2021-27460 – Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2021-27460
23 Mar 2022 — Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines. • https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831 • CWE-502: Deserialization of Untrusted Data