CVE-2023-46290 - OpenCVE

Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Rockwellautomation	Factorytalk Services Platform

Configuration 1 [-]

cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*

References

Link	Resource
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165	Permissions Required Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Rockwell

Published: 2023-10-27T18:10:50.923Z

Updated: 2023-10-27T18:10:50.923Z

Reserved: 2023-10-20T18:01:46.095Z

Link: CVE-2023-46290

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-27T19:15:41.560

Modified: 2023-11-07T19:09:56.033

Link: CVE-2023-46290

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-46290", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2023-10-20T18:01:46.095Z", "datePublished": "2023-10-27T18:10:50.923Z", "dateUpdated": "2023-10-27T18:10:50.923Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FactoryTalk\u00ae Services Platform", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "versions before 2.80"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": " This vulnerability was found internally during routine testing."}], "datePublic": "2023-10-26T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk\u00ae Services Platform web service and then use the token to log in into FactoryTalk\u00ae Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk\u00ae Services Platform web service.</span>\n\n"}], "value": "\nDue to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk\u00ae Services Platform web service and then use the token to log in into FactoryTalk\u00ae Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk\u00ae Services Platform web service.\n\n"}], "impacts": [{"capecId": "CAPEC-633", "descriptions": [{"lang": "en", "value": "CAPEC-633 Token Impersonation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2023-10-27T18:10:50.923Z"}, "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<ul><li>Install the respective <a target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113&versions=61602,60883,59837,59480,58564,57413,58591,59481,59482,59483,59484,59485,59486,59487,59488,59490,59491,59492,59493,59494,59495,59496\">FactoryTalk Services Version</a> that remediates the issue.</li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012\">QA43240 - Recommended Security Guidelines from Rockwell Automation</a></li></ul>\n\n<br>"}], "value": "\n * Install the respective FactoryTalk Services Version https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx \u00a0that remediates the issue.\n * QA43240 - Recommended Security Guidelines from Rockwell Automation https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012 \n\n\n\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Rockwell Automation FactoryTalk Services Platform Elevated Privileges Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "86F8AE4A-2067-4989-BED5-B4CB8A03E8BB", "versionEndExcluding": "2.80", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nDue to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk\u00ae Services Platform web service and then use the token to log in into FactoryTalk\u00ae Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk\u00ae Services Platform web service.\n\n"}, {"lang": "es", "value": "Debido a una l\u00f3gica de c\u00f3digo inadecuada, un actor de amenazas no autenticado previamente podr\u00eda obtener un token de usuario del sistema operativo Windows local a trav\u00e9s del servicio web FactoryTalk\u00ae Services Platform y luego usar el token para iniciar sesi\u00f3n en FactoryTalk\u00ae Services Platform. Esta vulnerabilidad solo se puede aprovechar si el usuario autorizado no inici\u00f3 sesi\u00f3n previamente en el servicio web FactoryTalk\u00ae Services Platform."}], "id": "CVE-2023-46290", "lastModified": "2023-11-07T19:09:56.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2023-10-27T19:15:41.560", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}