Overview
- Description
- Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited.
- Source
- PSIRT@rockwellautomation.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5
- Impact score
- 3.6
- Exploitability score
- 1.3
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_policy_manager:6.11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78D6F03E-E110-4CA7-8883-5CE38FF8E5A0"
},
{
"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_system_services:6.11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46A50229-56B5-4B30-8B4A-6D180D65C2D6"
}
],
"operator": "OR"
}
]
}
]