Vulnerability Details CVE-2022-38743
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.4%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-38743
-
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.0
-
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.10
-
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.20
-
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.30
-
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.31