CVE-2023-46290

Rockwell Automation FactoryTalk Services Platform Elevated Privileges Vulnerability

Description

Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.

Remediation

Solution:

* Install the respective FactoryTalk Services Version https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx that remediates the issue. * QA43240 - Recommended Security Guidelines from Rockwell Automation https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012

References

Link	Tags
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165	vendor advisory permissions required

Frequently Asked Questions

What is the severity of CVE-2023-46290?: CVE-2023-46290 has been scored as a high severity vulnerability.
How to fix CVE-2023-46290?: To fix CVE-2023-46290: * Install the respective FactoryTalk Services Version https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx that remediates the issue. * QA43240 - Recommended Security Guidelines from Rockwell Automation https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012
Is CVE-2023-46290 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-46290 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-46290?: CVE-2023-46290 affects Rockwell Automation FactoryTalk® Services Platform.

Description

Remediation

Category

CWE-287 – Improper Authentication

References

Frequently Asked Questions