CVE-2021-27474

Опубликовано: 23 мар. 2022

Источник: nvd

CVSS3: 10

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre.

Ссылки

https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831
Permissions Required
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01
Third Party Advisory
US Government Resource
https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831
Permissions Required
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rockwellautomation:factorytalk_assetcentre:*:*:*:*:*:*:*:*

Версия до 10.00 (включая)

EPSS

Процентиль: 27%

0.00094

Низкий

10 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-676

NVD-CWE-Other

Связанные уязвимости

GHSA-cg2f-j69h-xcx2

CVSS3: 7.5

github

почти 4 года назад

EPSS

Процентиль: 27%

0.00094

Низкий

10 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-676

NVD-CWE-Other