CVE-2021-32960 Vulnerability Details

  /     /     /  

CVE-2021-32960 Metadata Quick Info

CVE Published: 01/04/2022 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: icscert | Vendor: Rockwell Automation | Product: FactoryTalk Services Platform
Status : PUBLISHED

CVE-2021-32960 Description

Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine.

Metrics

CVSS Version: 3.1 | Base Score: 8.5 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CVE-693 Protection Mechanism Failure
Source: Rockwell Automation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: