CVE-2023-46289 - OpenCVE

Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Rockwellautomation	Factorytalk View

Configuration 1 [-]

cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:site_edition:*:*:*

References

Link	Resource
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167	Permissions Required Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Rockwell

Published: 2023-10-27T18:28:40.936Z

Updated: 2023-10-27T18:28:40.936Z

Reserved: 2023-10-20T18:01:46.095Z

Link: CVE-2023-46289

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-27T19:15:41.493

Modified: 2023-11-07T18:18:35.950

Link: CVE-2023-46289

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-46289", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2023-10-20T18:01:46.095Z", "datePublished": "2023-10-27T18:28:40.936Z", "dateUpdated": "2023-10-27T18:28:40.936Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FactoryTalk\u00ae View Site Edition ", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "versions 11.0-13.0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "This vulnerability was found internally during routine testing."}], "datePublic": "2023-10-26T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.</span>\n\n"}], "value": "\nRockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.\n\n"}], "impacts": [{"capecId": "CAPEC-629", "descriptions": [{"lang": "en", "value": "CAPEC-629 Unauthorized Use of Device Resources"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2023-10-27T18:28:40.936Z"}, "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<ul><li>Install the patch that remediates the issue: <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140243\">BF29581 - Patch: External Service Interaction (HTTP), FactoryTalk View SE 11.0, 12.0 13.0</a>.</li></ul>"}], "value": "\n * Install the patch that remediates the issue: BF29581 - Patch: External Service Interaction (HTTP), FactoryTalk View SE 11.0, 12.0 13.0 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140243 .\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Rockwell Automation FactoryTalk\u00ae View Site Edition Vulnerable to Improper Input Validation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:site_edition:*:*:*", "matchCriteriaId": "F6E450A8-F513-496F-A9D6-059A0987F543", "versionEndIncluding": "13.0", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nRockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.\n\n"}, {"lang": "es", "value": "Rockwell Automation FactoryTalk View Site Edition no valida suficientemente la entrada del usuario, lo que podr\u00eda permitir que los actores de amenazas env\u00eden datos maliciosos y desconecten el producto. Si se explota, el producto dejar\u00eda de estar disponible y requerir\u00eda un reinicio para recuperarse, lo que provocar\u00eda una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)."}], "id": "CVE-2023-46289", "lastModified": "2023-11-07T18:18:35.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2023-10-27T19:15:41.493", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}