CVE-2021-27460
Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines.
Timeline
- 2021-02-19 CVE Reserved
- 2022-03-23 CVE Published
- 2024-08-03 CVE Updated
- 2024-11-10 EPSS Updated
CWE
- CWE-502: Deserialization of Untrusted Data
References (1)
URL | Tag | Source |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Rockwellautomation | Factorytalk Assetcentre | <= 10.00 | - | Affected |