PT-2022-10162 · Rockwell Automation · FactoryTalk Services Platform

Published: 2021-06-10 · Updated: 2022-04-12 · CVE-2021-32960

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Rockwell Automation FactoryTalk Services Platform versions prior to 6.12

Description

The issue allows a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine.

Recommendations

For Rockwell Automation FactoryTalk Services Platform versions prior to 6.12, update to a version later than 6.11 to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.

Fix

Protection Mechanism Failure

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-05659
CVE-2021-32960

Affected Products

FactoryTalk Services Platform