Vulnerability Description
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log into FactoryTalk® Services Platform. This vulnerability can only be exploited if the authorized user has not previously logged into the FactoryTalk® Services Platform web service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwell Automation | FactoryTalk Services Platform | < 2.80 |
Related Weaknesses (CWE)
References
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165 (Permissions Required, Vendor Advisory)
FAQ
What is CVE-2023-46290?
CVE-2023-46290 is a vulnerability with a CVSS score of 8.1 (HIGH). Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the ...
How severe is CVE-2023-46290?
CVE-2023-46290 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-46290?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwell Automation FactoryTalk Services Platform (versions before 2.80).