A vulnerability exists in the RunSearch function of the SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.
References
Link | Resource |
---|---|
https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831 | Permissions Required Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01 | Mitigation Third Party Advisory US Government Resource |
Configurations
History
29 Mar 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
First Time | Rockwellautomation factorytalk Assetcentre, Rockwellautomation | |
CPE | cpe:2.3:a:rockwellautomation:factorytalk_assetcentre:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : 7.5, v3 : 9.8 |
CWE | CWE-89 | |
References | (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01 - Mitigation, Third Party Advisory, US Government Resource | |
References | (CONFIRM) https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831 - Permissions Required, Vendor Advisory |
23 Mar 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-23 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-27472
Mitre link : CVE-2021-27472
CVE.ORG link : CVE-2021-27472
Products Affected
rockwellautomation
- factorytalk_assetcentre
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')