CVE-2023-46290
published 2023-10-27CVE-2023-46290: Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk®…
PriorityP349high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
2.72%
84.2th percentile
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_services_platform | — | — |
| rockwellautomation | factorytalk_services_platform | < 2.80 | 2.80 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Rockwell Automation FactoryTalk Services Platform
cisa_ics·2023-10-26·CVSS 8.1
[HIGH] Rockwell Automation FactoryTalk Services Platform
ICS Advisory
##
Rockwell Automation FactoryTalk Services Platform
Release DateOctober 26, 2023
Alert CodeICSA-23-299-06
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.1
- ATTENTION: Exploitable remotely
- Vendor: Rockwell Automation
- Equipment: FactoryTalk Services Platform
- Vulnerability: Improper Authentication
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could use a token to log into the system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Rockwell Automation reports that the following products are affected:
- FactoryTalk Services Platform: v2.74
## 3.2 Vulnerability Overview
3.2.1 Improper Authentication CWE-287
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Wi
GHSA
GHSA-5gjm-5h8m-h8w7: Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk
ghsa_unreviewed·2023-10-27
CVE-2023-46290 [HIGH] CWE-287 GHSA-5gjm-5h8m-h8w7: Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.
No detection rules found.
No public exploits indexed.
Dragos
Year in Review
blogs_dragos·2025-08-20
Year in Review
OT Cyber Assessment Evaluate & evolve architecture
Red Team Services Identify vulnerabilities
OT Tabletop Exercises Scenarios to evaluate response
Incident Response OT experts responding to your worst day
OT Cybersecurity Basics Build a stronger OT security strategy
5 Critical Controls SANS ICS framework for defense
Industrial Risk Management Quantifying OT risk and dependencies
Monitoring Threat Groups Know your adversary
Year in Review Report 9th annual threat report
OT Compliance NIS2, CAF v4, SOCI/SONS, TSA, & more
NERC CIP Dragos Alignment
INSM Compliance Path for NERC-CIP-015
RESOURCES
Threat Reports
Whitepapers
Datasheets
Solution Briefs
Case Studies
Blog
Webinars
Dragos Industrial Security Conference
COMMUNITY
OT-CERT Program
Community Defense Program
DRAGOS
Tenable
Rockwell Automation: Disconnect OT Devices with Public-Facing Internet Access, Patch or Mitigate Logix, FactoryTalk CVEs
blogs_tenable·2024-06-05
Rockwell Automation: Disconnect OT Devices with Public-Facing Internet Access, Patch or Mitigate Logix, FactoryTalk CVEs
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bleepingcomputer
Rockwell Automation warns admins to take ICS devices offline
blogs_bleepingcomputer·2024-05-21·CVSS 9.8
[CRITICAL] Rockwell Automation warns admins to take ICS devices offline
## Rockwell Automation warns admins to take ICS devices offline
## Sergiu Gatlan
Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide.
Network defenders should never configure such devices to allow remote connections from systems outside the local network. By taking them offline, they can drastically reduce their organizations' attack surface.
This ensures that threat actors will no longer have direct access to systems that may not yet be patched against security vulnerabilities, allowing attackers to gain access to their targets' internal networks.
"Due to heightened geopolitical tensions and adversarial cyber activity globally, Rockwell Automation is
2023-10-27
Published