CyberSec.Space Logo
Back to CVE Browser

CVE-2021-32960

HIGH
8.5
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile37.83th
PublishedApr 1, 2022
Last ModifiedApr 17, 2025

Vulnerability Description

Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine.

Affected Platforms (CPE)

πŸ“¦
Rockwellautomation

Factorytalk Services Platform

<= 6.11.00

References & Advisories

πŸ”— https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131785
πŸ”— https://www.cisa.gov/uscert/ics/advisories/icsa-21-161-01
πŸ”— https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131785
πŸ”— https://www.cisa.gov/uscert/ics/advisories/icsa-21-161-01

Related Vulnerabilities

CVE-2020-1451610.0

In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of th...

CVE-2020-69679.8

In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, Factory...

CVE-2020-120338.8

In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate s...

CVE-2012-47137.8

Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR...