Detections
Analytics
Rockwell FactoryTalk Services Platform < 6.20 Privilege Escalation
high Nessus Plugin ID 187746
Synopsis
An application installed on the remote Windows host is affected by a vulnerability.Description
The version of Rockwell FactoryTalk Services Platform installed on the remote Windows host is prior to 6.20. It is, therefore, affected by a vulnerability.- FactoryTalk Services Platform contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine.
(CVE-2021-32960)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Rockwell FactoryTalk Services Platform version 6.20 or later or refer to the vendor advisory for other mitigations.See Also
https://www.cisa.gov/news-events/ics-advisories/icsa-21-161-01
Plugin Details
Severity: High
ID: 187746
File Name: rockwell_factorytalk_services_platform_6_20.nasl
Version: 1.3
Type: local
Agent: windows
Family: SCADA
Published: 1/9/2024
Updated: 1/22/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6
Temporal Score: 4.4
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2021-32960
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:rockwellautomation:factorytalk_services_platform
Required KB Items: installed_sw/Rockwell FactoryTalk Services Platform
Exploit Ease: No known exploits are available
Patch Publication Date: 3/23/2020
Vulnerability Publication Date: 4/1/2022
Reference Information
CVE: CVE-2021-32960
ICSA: 21-161-01