漏洞标题
Rockwell Automation FactoryTalk System 服务受网络拒绝服务攻击(DDoS)影响
漏洞描述信息
Rockwell Automation FactoryTalk System Services易受拒绝服务攻击影响
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
漏洞类别
授权机制不正确
漏洞标题
Rockwell Automation FactoryTalk System Services Vulnerable to a Denial-of-Service Attack
漏洞描述信息
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected.
Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
漏洞类别
认证机制不恰当
漏洞标题
Rockwell Automation FactoryTalk Services Platform 授权问题漏洞
漏洞描述信息
Rockwell Automation FactoryTalk Services Platform是美国罗克韦尔(Rockwell Automation)公司的一套由多个产品组成的服务平台,它为应用程序提供常规服务,如诊断信息、健康监视和实时数据访问等。 Rockwell Automation FactoryTalk Services Platform存在安全漏洞,该漏洞源于不会验证备份配置存档是否受密码保护,可能会导致加载恶意配置存档,允许经过身份验证的本地非管理员用户制作恶意的备份存档。
CVSS信息
N/A
漏洞类别
授权问题