Published Date: February 15, 2024
Last updated: February 15, 2024
Revision Number: 1.0
CVSS Score: 9.0/10
The security of our products is important to us as your chosen industrial automation supplier. This vulnerability was found internally during routine testing and is being reported based on our commitment to customer transparency.
AFFECTED PRODUCTS AND SOLUTION
Affected Product | First Known in software version | Corrected in software version
FactoryTalk® Service Platform | <v2.74 | Update to V2.74 or later
VULNERABILITY DETAILS
Rockwell Automation used version 3.1 of the CVSS scoring system to assess the following vulnerabilities.
CVE-2024-21915 IMPACT
A privilege escalation vulnerability exists in FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable.
CVSS Base Score: 9.0
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-279: Incorrect Execution-Assigned Permissions
Known Exploited Vulnerability (KEV) database: No
Customers can use Stakeholder-Specific Vulnerability Categorization (SSVC) to generate more environment-specific prioritization.
Customers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk from this vulnerability.
ADDITIONAL RESOURCES