Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-2444

A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks on the malicious link a cross site request forgery attack would be successful as well.

Published

2023-05-11T19:15:09.437

Last Modified

2024-11-21T07:58:37.733

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rockwellautomation	factorytalk_vantagepoint	< 8.40	Yes

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139443 Permissions Required, Vendor Advisory ([email protected])
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139443 Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)