VYPR

Factorytalk Services Platform

by Rockwellautomation

CVEs (14)

  • CVE-2024-21915Feb 16, 2024
    risk 0.00cvss epss 0.01

    A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor…

  • CVE-2024-21917Jan 31, 2024
    risk 0.00cvss epss 0.01

    A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory.…

  • CVE-2023-46290Oct 27, 2023
    risk 0.00cvss epss 0.03

    Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can…

  • CVE-2023-2639Jun 13, 2023
    risk 0.00cvss epss 0.00

    The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device.  This…

  • CVE-2023-2638Jun 13, 2023
    risk 0.00cvss epss 0.00

    Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected.   Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives.  This vulnerability may allow a local,…

  • CVE-2023-2637Jun 13, 2023
    risk 0.00cvss epss 0.00

    Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies.  Hard-coded cryptographic key may lead to privilege escalation.  This vulnerability may allow a local, authenticated non-admin user to generate an invalid…

  • CVE-2021-32960Apr 1, 2022
    risk 0.00cvss epss 0.02

    Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully…

  • CVE-2020-14478Feb 24, 2022
    risk 0.00cvss epss 0.00

    A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local…

  • CVE-2020-14516Mar 18, 2021
    risk 0.00cvss epss 0.04

    In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.

  • CVE-2020-12033Jun 23, 2020
    risk 0.00cvss epss 0.01

    In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.

  • CVE-2018-18981Jan 24, 2019
    risk 0.00cvss epss 0.04

    In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected…

  • CVE-2014-9209Mar 31, 2015
    risk 0.00cvss epss 0.01

    Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2012-4714Apr 18, 2013
    risk 0.00cvss epss 0.03

    Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon…

  • CVE-2012-4713Apr 18, 2013
    risk 0.00cvss epss 0.03

    Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe…