CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-46290

Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.7%

CVSS Severity

CVSS v3 Score 8.1

References

Products affected by CVE-2023-46290

Rockwellautomation » Factorytalk Services Platform » Version: N/A

cpe:2.3:a:rockwellautomation:factorytalk_services_platform:-
Rockwellautomation » Factorytalk Services Platform » Version: 2.51.00.8

cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.51.00.8
Rockwellautomation » Factorytalk Services Platform » Version: 2.61

cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.61
Rockwellautomation » Factorytalk Services Platform » Version: 2.71

cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.71
Rockwellautomation » Factorytalk Services Platform » Version: 2.73

cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.73
Rockwellautomation » Factorytalk Services Platform » Version: 2.74

cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.74

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-46290

Products

Pricing

Contact Us