CVE-2024-21917

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Rockwell Automation FactoryTalk Service Platform (affected versions not specified)

Description The issue is related to incorrect cryptographic signature verification in the FactoryTalk Services Platform, which can allow a remote attacker to gain unauthorized access to protected information and modify arbitrary settings. A malicious user can obtain a service token and use it for authentication on another FTSP directory due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Verification of Data Authenticity

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345CWE-347

Related Identifiers

BDU:2024-01241

CVE-2024-21917

Affected Products

Factorytalk Services Platform

CVE-2024-21917

Weakness Enumeration

Related Identifiers

Affected Products

References · 11