CVE-2023-46289
Published 2023-10-27
Priority: P3 39 | Severity: high | CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.90% (55.1th percentile)
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_view_site_edition | — | — |
| rockwellautomation | factorytalk_view | 11.0 – 13.0 | — |
GHSA
GHSA-pc6g-crww-hwrf · ghsa_unreviewed · 2023-10-27
CVE-2023-46289 [HIGH] CWE-20
CISA ICS
Rockwell Automation FactoryTalk View Site Edition
cisa_ics · 2023-10-26 · CVSS 7.5
[HIGH] Rockwell Automation FactoryTalk View Site Edition
ICS Advisory
## Rockwell Automation FactoryTalk View Site Edition
Release Date: October 26, 2023
Alert Code: ICSA-23-299-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk View Site Edition
- Vulnerability: Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could cause the product to become unavailable and require a restart to recover resulting in a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Rockwell Automation reports that the following versions of FactoryTalk View Site Edition are affected:
- FactoryTalk View Site Edition: V11.0
## 3.2 Vulnerability Overview
3.2.1 IM
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-10-27