Overview
- Description
- Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data.
- Source
- PSIRT@rockwellautomation.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
- PSIRT@rockwellautomation.com
- CWE-284
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CAD07421-BA29-47E8-B96B-424C35194F2F"
},
{
"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F68655B-5ED9-4B1C-9E7E-4374F5A31AFE"
},
{
"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "272D6C41-9E30-4A70-BAD7-A94D8EE51167"
},
{
"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43E695DF-8CB1-49AA-BFEC-18336C2FCF8D"
},
{
"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.31:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA050720-1DC3-4B74-9AE4-5212D4A81938"
}
],
"operator": "OR"
}
]
}
]