CVE-2016-4531
Published 2016-07-28
CVE-2016-4531: Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to…
Priority: P346, high, 7.3 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:L
EPSS: 8.22% (94.2th percentile)
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | factorytalk_energrymetrix | <= 2.10.00 | — |
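CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.3 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |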
CISA ICS
Rockwell Automation FactoryTalk EnergyMetrix Vulnerabilities
cisa_ics·2018-08-23
ICS Advisory
## Rockwell Automation FactoryTalk EnergyMetrix Vulnerabilities
Last Revised: August 23, 2018
Alert Code: ICSA-16-173-03
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on June 21, 2016, and is being released to the NCCIC/ICS-CERT web site.
Rockwell Automation has identified authentication vulnerabilities in the FactoryTalk EnergyMetrix application. Rockwell Automation has produced a new version to mitigate these vulnerabilities.
These vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following FactoryTalk EnergyMetrix versio
GHSA
GHSA-f5pf-48x3-2gh6: Rockwell Automation FactoryTalk EnergyMetrix before 2
ghsa_unreviewed·2022-05-17
CVE-2016-4531 [HIGH] CWE-285 GHSA-f5pf-48x3-2gh6: Rockwell Automation FactoryTalk EnergyMetrix before 2
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.