CVE-2024-21917
published 2024-01-31CVE-2024-21917: A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for…
PriorityP351critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
0.86%
53.9th percentile
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_service_platform | <= v6.31 | — |
| rockwellautomation | factorytalk_services_platform | <= 6.31.00 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5rh9-jc57-95mr: A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for au
ghsa_unreviewed·2024-01-31
CVE-2024-21917 [CRITICAL] CWE-347 GHSA-5rh9-jc57-95mr: A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for au
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.
CISA ICS
Rockwell Automation FactoryTalk Service Platform
cisa_ics·2024-01-30·CVSS 4.8
[MEDIUM] Rockwell Automation FactoryTalk Service Platform
ICS Advisory
##
Rockwell Automation FactoryTalk Service Platform
Release DateJanuary 30, 2024
Alert CodeICSA-24-030-06
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk Service Platform
- Vulnerability: Improper Verification of Cryptographic Signature
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to retrieve user information and modify settings without any authentication.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Rockwell Automation products are affected:
- FactoryTalk Service Platform: Versions prior to v6.4
## 3.2 Vulnerability Overview
3.2.1 IMPROPER VERIFICATION OF CRYPTOGR
No detection rules found.
No public exploits indexed.
Dragos
Year in Review
blogs_dragos·2025-08-20
Year in Review
OT Cyber Assessment Evaluate & evolve architecture
Red Team Services Identify vulnerabilities
OT Tabletop Exercises Scenarios to evaluate response
Incident Response OT experts responding to your worst day
OT Cybersecurity Basics Build a stronger OT security strategy
5 Critical Controls SANS ICS framework for defense
Industrial Risk Management Quantifying OT risk and dependencies
Monitoring Threat Groups Know your adversary
Year in Review Report 9th annual threat report
OT Compliance NIS2, CAF v4, SOCI/SONS, TSA, & more
NERC CIP Dragos Alignment
INSM Compliance Path for NERC-CIP-015
RESOURCES
Threat Reports
Whitepapers
Datasheets
Solution Briefs
Case Studies
Blog
Webinars
Dragos Industrial Security Conference
COMMUNITY
OT-CERT Program
Community Defense Program
DRAGOS
Tenable
Rockwell Automation: Disconnect OT Devices with Public-Facing Internet Access, Patch or Mitigate Logix, FactoryTalk CVEs
blogs_tenable·2024-06-05
Rockwell Automation: Disconnect OT Devices with Public-Facing Internet Access, Patch or Mitigate Logix, FactoryTalk CVEs
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bleepingcomputer
Rockwell Automation warns admins to take ICS devices offline
blogs_bleepingcomputer·2024-05-21·CVSS 9.8
[CRITICAL] Rockwell Automation warns admins to take ICS devices offline
## Rockwell Automation warns admins to take ICS devices offline
## Sergiu Gatlan
Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide.
Network defenders should never configure such devices to allow remote connections from systems outside the local network. By taking them offline, they can drastically reduce their organizations' attack surface.
This ensures that threat actors will no longer have direct access to systems that may not yet be patched against security vulnerabilities, allowing attackers to gain access to their targets' internal networks.
"Due to heightened geopolitical tensions and adversarial cyber activity globally, Rockwell Automation is
2024-01-31
Published