PT-2022-9832 · Rockwell Automation · Factorytalk Assetcentre

Published

2021-04-01

Updated

2022-03-29

CVE-2021-27472

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Rockwell Automation FactoryTalk AssetCentre versions prior to 10.00

Description A vulnerability exists in the RunSearch function of the SearchService service, potentially allowing for the execution of remote unauthenticated arbitrary SQL statements.

Recommendations For versions prior to 10.00, update to a version later than 10.00 to resolve the issue. As a temporary workaround, consider restricting access to the SearchService service to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2025-05728

CVE-2021-27472

Affected Products

Factorytalk Assetcentre

PT-2022-9832 · Rockwell Automation · Factorytalk Assetcentre

CVE-2021-27472

Weakness Enumeration

Related Identifiers

Affected Products

References · 6