SB2023061425 - Multiple vulnerabilities in Rockwell Automation FactoryTalk Policy Manager and FactoryTalk System Services

Security Bulletin ID SB2023061425

Severity

Medium

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Use of Hard-coded Cryptographic Key (CVE-ID: CVE-2023-2637)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to a hard-coded cryptographic key. A local user can generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database.

2) Improper Authentication (CVE-ID: CVE-2023-2638)

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests in FTSSBackupRestore.exe. A local user can load backup archive without password protection by FactoryTalk System Services as a valid backup when a restore procedure takes place.

3) Origin validation error (CVE-ID: CVE-2023-2639)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to origin validation error. A remote user can trick a victim to visit a specially crafted website and gain access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-02