Rockwell Automation has patches available to address an improper input validation vulnerability in its FactoryTalk View Site Edition, according to a report with CISA.

Successful exploitation of this remotely exploitable vulnerability, which Rockwell self-reported, could cause the product to become unavailable and require a restart to recover, resulting in a denial-of-service condition.

Rockwell said version 11.0 of FactoryTalk View Site Edition suffers from the issue.

FactoryTalk View Site Edition V11.0 insufficiently validates user input, which could allow threat actors to send malicious data that brings the product offline. If exploited, the product would become unavailable and require a restart to recover, resulting in a denial-of-service condition.

CVE-2023-46289 is the case number assigned to this vulnerability, which has a CVSS v3.1 base score of 7.5.

The product sees use mainly in the critical manufacturing sectors, on a global basis.

An attacker could exploit this low-complexity vulnerability.

Rockwell has provided patches for versions v11.0, v12.0 and v13.0.

Rockwell encourages users of the affected software to apply the risk mitigations if possible. Additionally, they encourage users to implement their suggested security best practices to minimize the risk.

ISSSource
