CyberSec.Space Logo
Back to CVE Browser

CVE-2021-27464

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1610%
EPSS Percentile2.48th
PublishedMar 23, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.

Affected Platforms (CPE)

πŸ“¦
Rockwellautomation

Factorytalk Assetcentre

<= 10.00

References & Advisories

πŸ”— https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831
πŸ”— https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01
πŸ”— https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831
πŸ”— https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01

Related Vulnerabilities

CVE-2021-2746010.0

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrust...

CVE-2021-2746210.0

A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and...

CVE-2021-2746610.0

A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00...

CVE-2021-2746810.0

The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper auth...