Skip to main content

Factorytalk View CVE-2023-46289

HIGH
Improper Input Validation (CWE-20)
2023-10-27 PSIRT@rockwellautomation.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 27, 2023 - 19:15 nvd
HIGH 7.5

DescriptionNVD

Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.

AnalysisAI

Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition. Affected products include: Rockwellautomation Factorytalk View.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-12028 HIGH POC
8.1 Jul 20

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to int

CVE-2020-12029 HIGH POC
7.8 Jul 20

All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. Rated high s

CVE-2020-12027 MEDIUM POC
4.3 Jul 20

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. Rated med

CVE-2023-2071 CRITICAL
9.8 Sep 12

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allo

CVE-2024-45824 CRITICAL
9.2 Sep 12

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. Rated critical severity (CVSS 9.2), t

CVE-2024-4609 HIGH
8.8 May 16

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor

CVE-2024-7513 HIGH
8.5 Aug 14

CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. Rated high severity (CVSS 8.5), this

CVE-2024-37369 HIGH
8.5 Jun 14

A privilege escalation vulnerability exists in the affected product. Rated high severity (CVSS 8.5), this vulnerability

CVE-2024-37368 HIGH
8.2 Jun 14

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. Rated high severity (CVSS 8.

CVE-2024-37367 HIGH
8.2 Jun 14

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. Rated high severity (CVS

CVE-2020-12031 HIGH
7.8 Jul 20

In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a lo

CVE-2024-37365 HIGH
7.0 Nov 12

A remote code execution vulnerability exists in the affected product. Rated high severity (CVSS 7.0), this vulnerability

Share

CVE-2023-46289 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy