CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-27460

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile29.27th
Published2022年3月23日
Last Modified2024年11月21日

Vulnerability Description

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines.

Affected Platforms (CPE)

📦
Rockwellautomation

Factorytalk Assetcentre

<= 10.00

References & Advisories

🔗 https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831
🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01
🔗 https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831
🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01

関連する脆弱性情報

CVE-2021-2746210.0

A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and...

CVE-2021-2746410.0

The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper ...

CVE-2021-2746610.0

A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00...

CVE-2021-2746810.0

The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper auth...