PT-2022-9829 · Rockwell Automation · Factorytalk Assetcentre

Amir Preminger

Published

2021-04-01

Updated

2022-03-29

CVE-2021-27466

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Rockwell Automation FactoryTalk AssetCentre versions 10.00 and earlier

Description A deserialization vulnerability exists in the ArchiveService.rem service, which may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.

Recommendations For versions 10.00 and earlier, consider disabling the ArchiveService.rem service until a patch is available to prevent potential exploitation. Restrict access to the ArchiveService.rem service to minimize the risk of arbitrary command execution.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

BDU:2025-05662

CVE-2021-27466

Affected Products

Factorytalk Assetcentre

PT-2022-9829 · Rockwell Automation · Factorytalk Assetcentre

CVE-2021-27466

Weakness Enumeration

Related Identifiers

Affected Products

References · 8