Vulnerability Description
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Factorytalk Assetcentre | <= 10.00 |
Related Weaknesses (CWE)
References
- https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPPermissions RequiredVendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01Third Party AdvisoryUS Government Resource
- https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPPermissions RequiredVendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-27460?
CVE-2021-27460 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be...
How severe is CVE-2021-27460?
CVE-2021-27460 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-27460?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Factorytalk Assetcentre.