An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XRockwellautomation Factorytalk Assetcentre
APPRockwellautomation< 15.00.01
Related vulnerabilities
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk As...
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes funct...
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTal...
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions...
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that...