PT-2023-3028 · Rockwell Automation · FactoryTalk Vantagepoint
Published: 2023-05-11 · Updated: 2023-05-20 · CVE-2023-2444
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
FactoryTalk Vantagepoint (affected versions not specified)
Description
A cross-site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This issue can be exploited in two ways. If an attacker sends a malicious link to a computer on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer not on the same domain as the server and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks on the malicious link, a cross-site request forgery attack would be successful as well.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
FactoryTalk Vantagepoint