CyberSec.Space Logo
Back to CVE Browser

CVE-2021-27460

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile29.27th
PublishedMar 23, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines.

Affected Platforms (CPE)

πŸ“¦
Rockwellautomation

Factorytalk Assetcentre

<= 10.00

References & Advisories

πŸ”— https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831
πŸ”— https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01
πŸ”— https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831
πŸ”— https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01

Related Vulnerabilities

CVE-2021-2746210.0

A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and...

CVE-2021-2746410.0

The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper ...

CVE-2021-2746610.0

A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00...

CVE-2021-2746810.0

The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper auth...