ICSA-23-164-02 · Published 2023-06-13 · View on CISA ICS-CERT ↗

Rockwell Automation FactoryTalk Services Platform

CVSS 7.3 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to disclose information, load malicious configuration files, or elevate privileges from a user to an administrator.

CVEs (3)

CVE-2023-2637 CVE-2023-2638 CVE-2023-2639

Remediations

Rockwell Automation encourages users to upgrade to the latest version: Upgrade to v6.30.00 or later.

Affected Vendors

Rockwell Automation

Affected Products (2)

Rockwell Automation · FactoryTalk Policy Manager v6.11.0

Rockwell Automation · FactoryTalk System Services v6.11.0

Affected Sectors

Chemical, Commercial Facilities, Critical Manufacturing, Energy, Government Facilities, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more