Vulnerability Information
Vulnerability Title
Rockwell Automation FactoryTalk System Services Vulnerable To Use Of Hard-Coded Cryptographic Key
Vulnerability Description
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. The hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie, giving them administrative privileges to the FactoryTalk Policy Manager database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
Vulnerability Type
Use of Hard-coded Cryptographic Key
Vulnerability Title
Rockwell Automation FactoryTalk Services Platform Trust Management Issue Vulnerability
Vulnerability Description
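Rockwell Automation FactoryTalk Services Platform is a service platform from Rockwell Automation (USA) made up of multiple products; it provides common services to applications, such as diagnostic information, health monitoring and real-time data access. Rockwell Automation FactoryTalk Services Platform contains a security vulnerability that stems from the use of a hard-coded cryptographic key to generate administrator cookies, which may allow an authenticated local non-admin user to generate an invalid administrator cookie, thereby granting them over the database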
CVSS Information
N/A
Vulnerability Type
N/A