ICSA-24-030-06  ·  Published 2024-01-30

Rockwell Automation FactoryTalk Service Platform

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to retrieve user information and modify settings without any authentication.

CVEs (1)

Remediations

Rockwell Automation recommends the following:

  • When it is not possible to update to v6.40 or later, enable verification of the publisher information (i.e., digital signature) of any executable attempting to use the FactoryTalk Services APIs. This helps prevent a malicious user from calling the API to receive the service token. This setting can be changed from the Application Authorization node located within System Policies using the FactoryTalk® Administration Console application.
  • Security Best Practices

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · FactoryTalk Service Platform <v6.4

Affected Sectors

Critical Manufacturing
