CVE-2021-27460
published 2022-03-23CVE-2021-27460: Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.07%
86.0th percentile
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_assetcentre | unspecified – v10.00 | — |
| rockwellautomation | factorytalk_assetcentre | <= 10.00 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Rockwell Automation FactoryTalk AssetCentre
cisa_ics·2021-04-01·CVSS 10.0
[CRITICAL] Rockwell Automation FactoryTalk AssetCentre
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Rockwell Automation FactoryTalk AssetCentre
Last RevisedApril 01, 2021
Alert CodeICSA-21-091-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/Low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk AssetCentre
- Vulnerabilities: OS Command Injection, Deserialization of Untrusted Data, SQL Injection, Improperly Restricted Functions
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow unauthenticated attackers to perform arbitrary command execution, SQL injection, or remote code execution.
## 3. TEC
GHSA
GHSA-v749-5446-q4q4: Rockwell Automation FactoryTalk AssetCentre v10
ghsa_unreviewed·2022-03-24
CVE-2021-27460 [CRITICAL] CWE-502 GHSA-v749-5446-q4q4: Rockwell Automation FactoryTalk AssetCentre v10
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01
2022-03-23
Published