CVE-2023-2637

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683	Permissions Required Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rockwellautomation:factorytalk_policy_manager:6.11.0:::::::*
	cpe:2.3:a:rockwellautomation:factorytalk_system_services:6.11.0:::::::*

History

No history.

Information

Published : 2023-06-13 21:15

Updated : 2023-06-26 16:38

NVD link : CVE-2023-2637

Mitre link : CVE-2023-2637

CVE.ORG link : CVE-2023-2637

JSON object : View

Products Affected

rockwellautomation

factorytalk_policy_manager
factorytalk_system_services

CWE

CWE-798

Use of Hard-coded Credentials

CWE-321

Use of Hard-coded Cryptographic Key

{"id": "CVE-2023-2637", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}, {"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 1.5}]}, "published": "2023-06-13T21:15:09.917", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683", "tags": ["Permissions Required", "Vendor Advisory"], "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-321"}]}], "descriptions": [{"lang": "en", "value": "\nRockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies.\u00a0 Hard-coded cryptographic key may lead to privilege escalation.\u00a0 This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.\n\n"}], "lastModified": "2023-06-26T16:38:33.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_policy_manager:6.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78D6F03E-E110-4CA7-8883-5CE38FF8E5A0"}, {"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_system_services:6.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46A50229-56B5-4B30-8B4A-6D180D65C2D6"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}