ID

VAR-202310-1121


CVE

CVE-2023-46290


DESCRIPTION

Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service

Trust: 0.99

sources: NVD: CVE-2023-46290 // VULMON: CVE-2023-46290

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:factorytalk services platformscope:ltversion:2.80

Trust: 1.0

sources: NVD: CVE-2023-46290

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-46290
value: HIGH

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2023-46290
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2023-46290
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: NVD: CVE-2023-46290 // NVD: CVE-2023-46290

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

sources: NVD: CVE-2023-46290

EXTERNAL IDS

db:NVDid:CVE-2023-46290

Trust: 1.1

db:VULMONid:CVE-2023-46290

Trust: 0.1

sources: VULMON: CVE-2023-46290 // NVD: CVE-2023-46290

REFERENCES

url:https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165

Trust: 1.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-46290 // NVD: CVE-2023-46290

SOURCES

db:VULMONid:CVE-2023-46290
db:NVDid:CVE-2023-46290

LAST UPDATE DATE

2024-08-14T14:36:34.151000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-46290date:2023-10-29T00:00:00
db:NVDid:CVE-2023-46290date:2023-11-07T19:09:56.033

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-46290date:2023-10-27T00:00:00
db:NVDid:CVE-2023-46290date:2023-10-27T19:15:41.560