CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21917 – Rockwell Automation FactoryTalk® Service Platform Service Token Vulnerability
https://notcve.org/view.php?id=CVE-2024-21917
31 Jan 2024 — A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication. Existe una vulnerabilidad en Rockwell Automation FactoryTalk® Service Platform que permite a un usuario malint... • https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32960 – Rockwell Automation FactoryTalk Services Platform Protection Mechanism Failure
https://notcve.org/view.php?id=CVE-2021-32960
01 Apr 2022 — Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine. Rockwell Automation FactoryTalk Services Platform versiones v6.11 y anteriores, si FactoryTalk Security está habilitado e i... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131785 • CWE-693: Protection Mechanism Failure CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14478 – IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611
https://notcve.org/view.php?id=CVE-2020-14478
24 Feb 2022 — A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services. Un atacante local y autenticado podría usar un ataque de tipo XML External Entity (XXE) para explotar archivos XML débilmente configurados para acceder a contenido local o remoto. Un ataque exitoso po... • https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-02 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14516
https://notcve.org/view.php?id=CVE-2020-14516
18 Mar 2021 — In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly. En Rockwell Automation FactoryTalk Services Platform versiones 6.10.00 y 6.11.00, se presenta un problema con la implementación del algoritmo de hash SHA-256 con la plataforma de servicios FactoryTalk que impide que la contraseña del usuario se procese apropi... • https://us-cert.cisa.gov/ics/advisories/icsa-21-054-01 • CWE-916: Use of Password Hash With Insufficient Computational Effort •