CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-32960

HIGH
8.5
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile37.83th
Published2022年4月1日
Last Modified2025年4月17日

Vulnerability Description

Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine.

Affected Platforms (CPE)

📦
Rockwellautomation

Factorytalk Services Platform

<= 6.11.00

References & Advisories

🔗 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131785
🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-21-161-01
🔗 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131785
🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-21-161-01

関連する脆弱性情報

CVE-2020-1451610.0

In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of th...

CVE-2020-69679.8

In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, Factory...

CVE-2020-120338.8

In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate s...

CVE-2012-47137.8

Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR...