CVE-2022-38744 - Vulnerability Details - OpenCVE

An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and
Events service could open a connection, causing the service to fault and become unavailable. The affected port
could be used as a server ping port and uses messages structured with XML.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00375.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Rockwellautomation Subscribe	Factorytalk Alarms And Events Subscribe

Configuration 1 [-]

cpe:2.3:a:rockwellautomation:factorytalk_alarms_and_events:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-41311	An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136876

History

Mon, 05 May 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2022-10-27T13:25:17.957Z

Updated: 2025-05-05T15:38:28.146Z

Reserved: 2022-08-24T22:11:22.158Z

Link: CVE-2022-38744

Vulnrichment

Updated: 2024-08-03T11:02:14.533Z

NVD

Status : Modified

Published: 2022-10-27T14:15:10.777

Modified: 2024-11-21T07:17:00.823

Link: CVE-2022-38744

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-287

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-38744", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "dateReserved": "2022-08-24T22:11:22.158Z", "datePublished": "2022-10-27T13:25:17.957Z", "dateUpdated": "2025-05-05T15:38:28.146Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "FactoryTalk Alarm and Events Server", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "All"}]}], "datePublic": "2022-10-27T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nAn unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and \nEvents service could open a connection, causing the service to fault and become unavailable. The affected port \ncould be used as a server ping port and uses messages structured with XML.\n\n\n"}], "value": "\nAn unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and \nEvents service could open a connection, causing the service to fault and become unavailable. The affected port \ncould be used as a server ping port and uses messages structured with XML.\n\n\n"}], "impacts": [{"capecId": "CAPEC-528", "descriptions": [{"lang": "en", "value": "CAPEC-528 XML Flood"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2022-10-27T13:25:17.957Z"}, "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136876"}], "source": {"discovery": "UNKNOWN"}, "title": "FactoryTalk Alarm and Events Server Vulnerable to Denial-Of-Service Attack", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.533Z"}, "title": "CVE Program Container", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136876", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-05T15:38:04.696478Z", "id": "CVE-2022-38744", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T15:38:28.146Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136876", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.533Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-38744", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-05T15:38:04.696478Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T15:38:20.480Z"}}], "cna": {"title": "FactoryTalk Alarm and Events Server Vulnerable to Denial-Of-Service Attack", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-528", "descriptions": [{"lang": "en", "value": "CAPEC-528 XML Flood"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rockwell Automation", "product": "FactoryTalk Alarm and Events Server", "versions": [{"status": "affected", "version": "All"}], "defaultStatus": "affected"}], "datePublic": "2022-10-27T14:00:00.000Z", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136876"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nAn unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and \nEvents service could open a connection, causing the service to fault and become unavailable. The affected port \ncould be used as a server ping port and uses messages structured with XML.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nAn unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and \nEvents service could open a connection, causing the service to fault and become unavailable. The affected port \ncould be used as a server ping port and uses messages structured with XML.\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2022-10-27T13:25:17.957Z"}}}, "cveMetadata": {"cveId": "CVE-2022-38744", "state": "PUBLISHED", "dateUpdated": "2025-05-05T15:38:28.146Z", "dateReserved": "2022-08-24T22:11:22.158Z", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "datePublished": "2022-10-27T13:25:17.957Z", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "assignerShortName": "Rockwell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_alarms_and_events:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCB45744-EA5E-47AF-B3F2-5E73FE108897", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nAn unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and \nEvents service could open a connection, causing the service to fault and become unavailable. The affected port \ncould be used as a server ping port and uses messages structured with XML.\n\n\n"}, {"lang": "es", "value": "Un atacante no autenticado con acceso a la red de la v\u00edctima del servicio de Eventos y Alarmas FactoryTalk de Rockwell Automation podr\u00eda abrir una conexi\u00f3n, provocando que el servicio falle y deje de estar disponible. El puerto afectado podr\u00eda utilizarse como puerto de ping del servidor y utiliza mensajes estructurados con XML."}], "id": "CVE-2022-38744", "lastModified": "2024-11-21T07:17:00.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-27T14:15:10.777", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136876"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136876"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}