CVE-2021-27476

Опубликовано: 23 мар. 2022

Источник: nvd

CVSS3: 10

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier.

Ссылки

https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831
Permissions Required
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01
Mitigation
Third Party Advisory
US Government Resource
https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831
Permissions Required
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rockwellautomation:factorytalk_assetcentre:*:*:*:*:*:*:*:*

Версия до 10.00 (включая)

EPSS

Процентиль: 9%

0.00033

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-jqv7-vfjc-8xpm

CVSS3: 9.8

github

почти 4 года назад

BDU:2022-03219

CVSS3: 10

fstec

почти 5 лет назад

Уязвимость функции SaveConfigFile службы RACompare программного средства FactoryTalk AssetCentre, позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 9%

0.00033

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78