CVE-2023-46289

Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167	Permissions Required Vendor Advisory
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167	Permissions Required Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:site_edition:*:*:*

History

21 Nov 2024, 08:28

Type	Values Removed	Values Added
References	~~() https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167 - Permissions Required, Vendor Advisory~~	() https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167 - Permissions Required, Vendor Advisory

07 Nov 2023, 18:18

Type	Values Removed	Values Added
References	~~(MISC) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167 -~~	(MISC) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167 - Permissions Required, Vendor Advisory
CPE		cpe:2.3:a:rockwellautomation:factorytalk_view:::::site_edition:::*
CWE		CWE-20
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Rockwellautomation Rockwellautomation factorytalk View

27 Oct 2023, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-27 19:15

Updated : 2024-11-21 08:28

NVD link : CVE-2023-46289

Mitre link : CVE-2023-46289

CVE.ORG link : CVE-2023-46289

JSON object : View

Products Affected

rockwellautomation

factorytalk_view

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2023-46289", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-10-27T19:15:41.493", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167", "tags": ["Permissions Required", "Vendor Advisory"], "source": "PSIRT@rockwellautomation.com"}, {"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167", "tags": ["Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "\nRockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.\n\n"}, {"lang": "es", "value": "Rockwell Automation FactoryTalk View Site Edition no valida suficientemente la entrada del usuario, lo que podr\u00eda permitir que los actores de amenazas env\u00eden datos maliciosos y desconecten el producto. Si se explota, el producto dejar\u00eda de estar disponible y requerir\u00eda un reinicio para recuperarse, lo que provocar\u00eda una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)."}], "lastModified": "2024-11-21T08:28:14.307", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:site_edition:*:*:*", "vulnerable": true, "matchCriteriaId": "F6E450A8-F513-496F-A9D6-059A0987F543", "versionEndIncluding": "13.0", "versionStartIncluding": "11.0"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}