Multiple vulnerabilities in Rockwell Automation ​FactoryTalk Policy Manager and ​FactoryTalk System Services



Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2023-2637
CVE-2023-2638
CVE-2023-2639
CWE-ID CWE-321
CWE-287
CWE-346
Exploitation vector Network
Public exploit N/A
Vulnerable software
 ​FactoryTalk Policy Manager
Other software / Other software solutions

​FactoryTalk System Services
Other software / Other software solutions

Vendor Rockwell Automation

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Use of Hard-coded Cryptographic Key

EUVDB-ID: #VU77290

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2637

CWE-ID: CWE-321 - Use of Hard-coded Cryptographic Key

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to a hard-coded cryptographic key. A local user can generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

​FactoryTalk Policy Manager: 6.11.0

​FactoryTalk System Services: 6.11.0

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-23-164-02


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Authentication

EUVDB-ID: #VU77291

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2638

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests in FTSSBackupRestore.exe. A local user can load backup archive without password protection by FactoryTalk System Services as a valid backup when a restore procedure takes place.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

​FactoryTalk Policy Manager: 6.11.0

​FactoryTalk System Services: 6.11.0

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-23-164-02


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Origin validation error

EUVDB-ID: #VU77292

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2639

CWE-ID: CWE-346 - Origin Validation Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to origin validation error. A remote user can trick a victim to visit a specially crafted website and gain access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

​FactoryTalk Policy Manager: 6.11.0

​FactoryTalk System Services: 6.11.0

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-23-164-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###