Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-2637

Опубликовано: 13 июн. 2023
Источник: nvd
CVSS3: 7.3
CVSS3: 8.2
EPSS Низкий

Описание

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies.  Hard-coded cryptographic key may lead to privilege escalation.  This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rockwellautomation:factorytalk_policy_manager:6.11.0:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:factorytalk_system_services:6.11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 0%
0.00005
Низкий

7.3 High

CVSS3

8.2 High

CVSS3

Дефекты

CWE-321
CWE-798

Связанные уязвимости

github логотип

GHSA-v84g-528v-42pp

CVSS3: 7.3
github
больше 2 лет назад

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies.  Hard-coded cryptographic key may lead to privilege escalation.  This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.

fstec логотип

BDU:2023-04014

CVSS3: 7.3
fstec
больше 2 лет назад

Уязвимость программного обеспечения управления производственными процессами FactoryTalk Policy Manager и системной службы FactoryTalk System Services, связанная с использованием жестко закодированного криптографического ключа, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 0%
0.00005
Низкий

7.3 High

CVSS3

8.2 High

CVSS3

Дефекты

CWE-321
CWE-798