Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rockwell Automation FactoryTalk System Services Vulnerable to a Denial-of-Service Attack
Vulnerability Description
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Rockwell Automation FactoryTalk Services Platform 授权问题漏洞
Vulnerability Description
Rockwell Automation FactoryTalk Services Platform是美国罗克韦尔(Rockwell Automation)公司的一套由多个产品组成的服务平台,它为应用程序提供常规服务,如诊断信息、健康监视和实时数据访问等。 Rockwell Automation FactoryTalk Services Platform存在安全漏洞,该漏洞源于不会验证备份配置存档是否受密码保护,可能会导致加载恶意配置存档,允许经过身份验证的本地非管理员用户制作恶意的备份存档。
CVSS Information
N/A
Vulnerability Type
N/A