PT-2023-3620 · Rockwell Automation · Factorytalk Policy Manager+1

Sharon Brizinov · Published 2023-06-13 · Updated 2023-06-26 · CVE-2023-2639

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Rockwell Automation's FactoryTalk System Services (affected versions not specified)
FactoryTalk Policy Manager (affected versions not specified)

Description

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services does not verify the origin of communication. A threat actor could craft a malicious website that, when visited, sends a malicious script to connect to the local WebSocket endpoint and wait for events as if it were a valid client device. If successfully exploited, this could allow a threat actor to receive information, including whether FactoryTalk Policy Manager is installed and potentially the entire security policy.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
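
The kind of check whose absence the description refers to, as an added example (not Rockwell Automation's code and not a vendor fix): a WebSocket server comparing the handshake's `Origin` header against an exact allowlist before upgrading. The allowed origin, the `/events` path, the port and all function names are constructed assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_origin(value):
    """Canonical 'scheme://host:port', or None if value is not a usable web origin."""
    try:
        parts = urlsplit(value.strip())
        if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
            return None  # rejects "null", file:, data: and garbage
        if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
            return None  # an Origin is scheme + host + port, nothing else
        port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
    except ValueError:  # malformed port or host
        return None
    return f"{parts.scheme}://{parts.hostname}:{port}"

# Assumption: the one origin allowed to open the local socket (constructed value).
ALLOWED = {normalize_origin("https://localhost:8443")}

def parse_headers(raw_request):
    """Map lowercase header names to the list of values seen in a raw HTTP request."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def accept_handshake(raw_request, allowed=ALLOWED):
    """Return (accepted, reason) for a WebSocket upgrade request."""
    headers = parse_headers(raw_request)
    if "websocket" not in [v.lower() for v in headers.get("upgrade", [])]:
        return False, "not a websocket upgrade"
    origins = headers.get("origin", [])
    if len(origins) != 1:  # fail closed: absent or repeated Origin is never upgraded
        return False, "missing or duplicate Origin"
    origin = normalize_origin(origins[0])
    if origin is None or origin not in allowed:  # exact match, never substring
        return False, "origin not allowed"
    return True, "ok"

def sample_request(origin_lines):
    """Build a constructed handshake; origin_lines is a list of raw Origin header lines."""
    head = ["GET /events HTTP/1.1", "Host: localhost:8443", "Upgrade: websocket",
            "Connection: Upgrade", "Sec-WebSocket-Version: 13"]
    return "\r\n".join(head + origin_lines) + "\r\n\r\n"
```

An Origin check only stops connections that a browser makes on behalf of another site; a non-browser client can send any `Origin` value, so the check complements client authentication rather than replacing it.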

Weakness Enumeration

Origin Validation Error

Related Identifiers

BDU:2023-03904
CVE-2023-2639

Affected Products

Factorytalk Policy Manager
Factorytalk System Services