CVE-2022-3158

Name of the Vulnerable Software and Affected Versions Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31

Description The issue is related to an input validation vulnerability in the FactoryTalk VantagePoint SQL Server. This vulnerability occurs because the server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.

Recommendations For versions 8.0, 8.10, 8.20, 8.30, 8.31, consider restricting user privileges to prevent remote code execution until a patch is available. As a temporary workaround, consider disabling user input for SQL statements in the FactoryTalk VantagePoint SQL Server to minimize the risk of exploitation. Restrict access to the back-end database to minimize the risk of exploitation.