CVE-2017-14022
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate.
Se ha descubierto un problema de validación de entrada incorrecta en Rockwell Automation FactoryTalk Alarms and Events, versión 2.90 y anteriores. Un atacante sin autenticar con acceso remoto a red y con FactoryTalk Alarms and Events puede enviar un paquete que incluya un grupo de paquetes manipulados al puerto 403/TCP (el servicio archivador de historiales), lo que provocaría que el servicio se bloquease o se cerrase.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-30 CVE Reserved
- 2017-12-23 CVE Published
- 2023-05-15 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/102114 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-341-02 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockwellautomation Search vendor "Rockwellautomation" | Factorytalk Alarms And Events Search vendor "Rockwellautomation" for product "Factorytalk Alarms And Events" | <= 2.90 Search vendor "Rockwellautomation" for product "Factorytalk Alarms And Events" and version " <= 2.90" | - |
Affected
| ||||||