PT-2022-24548 · Rockwell Automation · Factorytalk Vantagepoint

Published: 2022-10-17 · Updated: 2025-05-13 · CVE-2022-38743

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31

Description: The issue is related to an improper access control vulnerability. A malicious user with read-only privileges could potentially execute SQL statements in the back-end database through the FactoryTalk VantagePoint SQL Server account. Successful exploitation could allow the attacker to execute arbitrary code and gain access to restricted data.

Recommendations: For versions 8.0, 8.10, 8.20, 8.30, 8.31, consider restricting access to the SQL Server account to prevent malicious users from executing SQL statements in the back-end database until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2022-38743

Affected Products: Factorytalk Vantagepoint