Overview
- Description
- Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.
- Source
- PSIRT@rockwellautomation.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CAD07421-BA29-47E8-B96B-424C35194F2F"
},
{
"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F68655B-5ED9-4B1C-9E7E-4374F5A31AFE"
},
{
"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "272D6C41-9E30-4A70-BAD7-A94D8EE51167"
},
{
"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43E695DF-8CB1-49AA-BFEC-18336C2FCF8D"
},
{
"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.31:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA050720-1DC3-4B74-9AE4-5212D4A81938"
}
],
"operator": "OR"
}
]
}
]