CVE-2023-2637
Rockwell Automation FactoryTalk System Services Vulnerable To Use Of Hard-Coded Cryptographic Key
Severity Score
8.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.
*Credits:
Sharon Brizinov of Claroty Research - Team82
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-05-10 CVE Reserved
- 2023-06-13 CVE Published
- 2023-06-14 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-321: Use of Hard-coded Cryptographic Key
- CWE-798: Use of Hard-coded Credentials
CAPEC
- CAPEC-20: Encryption Brute Forcing
References (0)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockwellautomation Search vendor "Rockwellautomation" | Factorytalk Policy Manager Search vendor "Rockwellautomation" for product "Factorytalk Policy Manager" | 6.11.0 Search vendor "Rockwellautomation" for product "Factorytalk Policy Manager" and version "6.11.0" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | Factorytalk System Services Search vendor "Rockwellautomation" for product "Factorytalk System Services" | 6.11.0 Search vendor "Rockwellautomation" for product "Factorytalk System Services" and version "6.11.0" | - |
Affected
| ||||||