Vulnerability Details CVE-2022-3158
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.4%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-3158
-
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.0
-
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.10
-
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.20
-
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.30
-
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.31