PT-2022-9830 · Rockwell Automation · Factorytalk Assetcentre

Published

2022-03-23

Updated

2022-03-29

CVE-2021-27468

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Rockwell Automation FactoryTalk AssetCentre versions prior to 10.00

Description The issue concerns the AosService.rem service, which exposes functions without proper authentication, potentially allowing a remote, unauthenticated attacker to execute arbitrary SQL statements.

Recommendations For versions prior to 10.00, update to a version that includes proper authentication for the AosService.rem service to prevent unauthorized access.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2021-27468

Affected Products

Factorytalk Assetcentre

PT-2022-9830 · Rockwell Automation · Factorytalk Assetcentre

CVE-2021-27468

Weakness Enumeration

Related Identifiers

Affected Products

References · 4