PT-2017-13206 · Rockwell Automation · Factorytalk Alarms/Events

Published: 2017-12-23 · Updated: 2019-10-09 · CVE-2017-14022

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Rockwell Automation FactoryTalk Alarms and Events versions 2.90 and earlier

Description

An issue with improper input validation was found, allowing an unauthenticated attacker with remote network access to send specially crafted packets to Port 403/TCP, which is used by the history archiver service. This can cause the service to either stall or terminate.

Recommendations

For versions 2.90 and earlier, consider restricting access to Port 403/TCP to prevent exploitation until a fix is available. As a temporary workaround, limiting network access to the history archiver service may help minimize the risk of service disruption.

Fix

RCE

Weakness Enumeration

Related identifiers

CVE-2017-14022

Affected products

Factorytalk Alarms/Events