CVE-2021-27464

Опубликовано: 23 мар. 2022

Источник: nvd

CVSS3: 10

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.

Ссылки

https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831
Permissions Required
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01
Third Party Advisory
US Government Resource
https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831
Permissions Required
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rockwellautomation:factorytalk_assetcentre:*:*:*:*:*:*:*:*

Версия до 10.00 (включая)

EPSS

Процентиль: 8%

0.00029

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-p36c-m5h6-x7pp

CVSS3: 9.8

github

почти 4 года назад

EPSS

Процентиль: 8%

0.00029

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89