A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rockwellautomation factorytalk services platform |
Rockwell Automation warns admins to take ICS devices offline By Sergiu Gatlan May 21, 2024 01:48 PM 0 Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide. Network defenders should never configure such devices to allow remote connections from systems outside the local network. By taking them offline, they can drastically reduce their organizations' attack surface....