ID

VAR-202310-1178


CVE

CVE-2023-46289


TITLE

Rockwell Automation FactoryTalk View SE Input Validation Error Vulnerability (CNVD-2024-37628)

Trust: 0.6

sources: CNVD: CNVD-2024-37628

DESCRIPTION

Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could allow threat actors to send malicious data that brings the product offline. If exploited, the product would become unavailable and require a restart to recover, resulting in a denial-of-service condition. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States. Rockwell Automation FactoryTalk View SE has a security vulnerability that a remote attacker can exploit by submitting a special request that takes the product offline and causes a denial of service.

Trust: 1.53

sources: NVD: CVE-2023-46289 // CNVD: CNVD-2024-37628 // VULMON: CVE-2023-46289

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-37628

AFFECTED PRODUCTS

vendor: rockwellautomation, model: factorytalk view, scope: gte, version: 11.0

Trust: 1.0

vendor: rockwellautomation, model: factorytalk view, scope: lte, version: 13.0

Trust: 1.0

vendor: rockwell, model: automation factorytalk view se, scope: eq, version: v11.0

Trust: 0.6

sources: CNVD: CNVD-2024-37628 // NVD: CVE-2023-46289

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-46289
value: HIGH

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2023-46289
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-37628
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-37628
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2023-46289
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2024-37628 // NVD: CVE-2023-46289 // NVD: CVE-2023-46289

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

sources: NVD: CVE-2023-46289

PATCH

title: Patch for Rockwell Automation FactoryTalk View SE Input Validation Error Vulnerability (CNVD-2024-37628)
url: https://www.cnvd.org.cn/patchInfo/show/588231

Trust: 0.6

sources: CNVD: CNVD-2024-37628

EXTERNAL IDS

db: NVD, id: CVE-2023-46289

Trust: 1.7

db: ICS CERT, id: ICSA-23-299-05

Trust: 0.6

db: CNVD, id: CNVD-2024-37628

Trust: 0.6

db: VULMON, id: CVE-2023-46289

Trust: 0.1

sources: CNVD: CNVD-2024-37628 // VULMON: CVE-2023-46289 // NVD: CVE-2023-46289

REFERENCES

url: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167

Trust: 1.1

url: https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-05

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2024-37628 // VULMON: CVE-2023-46289 // NVD: CVE-2023-46289

SOURCES

db: CNVD, id: CNVD-2024-37628
db: VULMON, id: CVE-2023-46289
db: NVD, id: CVE-2023-46289

LAST UPDATE DATE

2024-09-28T23:19:22.008000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-37628, date: 2024-09-06T00:00:00
db: VULMON, id: CVE-2023-46289, date: 2023-10-29T00:00:00
db: NVD, id: CVE-2023-46289, date: 2023-11-07T18:18:35.950

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-37628, date: 2024-09-06T00:00:00
db: VULMON, id: CVE-2023-46289, date: 2023-10-27T00:00:00
db: NVD, id: CVE-2023-46289, date: 2023-10-27T19:15:41.493