Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks on the malicious link a cross site request forgery attack would be successful as well.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Rockwell Automation FactoryTalk Vantagepoint 跨站请求伪造漏洞
Vulnerability Description
Rockwell Automation FactoryTalk Vantagepoint是美国罗克韦尔(Rockwell Automation)公司的在统一生产模型 (UPM) 中组织、关联和规范化制造和生产流程以及业务系统的不同数据的平台。 Rockwell Automation FactoryTalk Vantagepoint 存在安全漏洞,该漏洞源于存在跨站请求伪造漏洞,攻击者可以冒充合法用户并向受影响的产品发送请求。
CVSS Information
N/A
Vulnerability Type
N/A