PT-2023-3620 · Rockwell Automation · FactoryTalk Policy Manager, FactoryTalk System Services
Sharon Brizinov
·
Published
2023-06-13
·
Updated
2023-06-26
·
CVE-2023-2639
CVSS v3.1
4.7
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Rockwell Automation's FactoryTalk System Services (affected versions not specified)
FactoryTalk Policy Manager (affected versions not specified)
Description
The feedback (event) mechanism of Rockwell Automation's FactoryTalk System Services exposes a local WebSocket endpoint that does not verify the origin of the page connecting to it. A threat actor can therefore craft a malicious website whose script, when a user on the affected host visits it, opens a connection to that local WebSocket endpoint and waits for events as if it were a legitimate client. Because the browser sets the Origin header on the WebSocket handshake and the endpoint accepts the upgrade without checking it, this is the cross-site WebSocket hijacking pattern. A successful attack lets the threat actor read the information pushed to clients, including whether FactoryTalk Policy Manager is installed and potentially the entire security policy; the CVSS vector (C:L, I:N, A:N) reflects that only confidentiality is affected.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Origin Validation Error (CWE-346)
Related Identifiers
Affected Products
Factorytalk Policy Manager
Factorytalk System Services