CVE-2021-27474

EPSS 0.09%
Veröffentlicht 23.03.2022 20:15:09
Zuletzt bearbeitet 21.11.2024 05:58:03
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Rockwell Automation FactoryTalk AssetCentre Use of Potentially Dangerous Function

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Factorytalk Assetcentre Version <= 10.00

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.268

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
ics-cert@hq.dhs.gov	10	3.9	5.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

CWE-676 Use of Potentially Dangerous Function

The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831

Vendor Advisory

Permissions Required

https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2021-27474

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27474

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27474

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-27474