CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-21917

CVSS 9.8v3.1pub. 2024-01-31upd. 2026-01-15

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory.  If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.

🤖 AI Analysis
How it works

The FactoryTalk® Service Platform issues service tokens used for authentication between system components. These tokens are not digitally signed in a way that binds them to a specific FTSP directory, which means that a token obtained from one directory can be replayed in another. An attacker who intercepts such a token can present it to another FTSP directory and gain access as an authenticated user without knowing the password.

Impact

An attacker can gain unauthorized access to user information and modify system settings. In industrial OT/ICS environments, this can lead to disruption of production processes or loss of configuration integrity.

Mitigation & patch

Apply patches available from the manufacturer according to references (Rockwell Automation advisory SD1660 available at https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1660.html). Until updates are applied, it is recommended to segment the industrial network and restrict access to FTSP services exclusively to trusted hosts.

Who is affected

Rockwell Automation FactoryTalk® Service Platform — versions indicated in the manufacturer's references (advisory SD1660)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Rockwellautomation Factorytalk Services Platform

    APP
    Rockwellautomation
    ≤ 6.31.00
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-22681CRITICAL9.8⚠ KEVten sam produkt

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 ...

CVE-2024-21915CRITICAL9.0PL ✓ten sam produkt

Privilege escalation w Rockwell Automation FactoryTalk Services Platform

CVE-2020-14516CRITICAL10.0ten sam produkt

In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the ...

CVE-2020-6967CRITICAL9.8ten sam produkt

In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Servic...

CVE-2023-46290HIGH8.1ten sam produkt

Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Wind...