CVE-2022-38744 - OpenCVE

An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rockwellautomation	Factorytalk Alarms And Events

Configuration 1 [-]

cpe:2.3:a:rockwellautomation:factorytalk_alarms_and_events:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136876

History

No history.

MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2022-10-27T13:25:17.957Z

Updated: 2024-08-03T11:02:14.533Z

Reserved: 2022-08-24T22:11:22.158Z

Link: CVE-2022-38744

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-27T14:15:10.777

Modified: 2023-11-07T03:50:14.327

Link: CVE-2022-38744

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-38744", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "dateReserved": "2022-08-24T22:11:22.158Z", "datePublished": "2022-10-27T13:25:17.957Z", "dateUpdated": "2024-08-03T11:02:14.533Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "FactoryTalk Alarm and Events Server", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "All"}]}], "datePublic": "2022-10-27T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nAn unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and \nEvents service could open a connection, causing the service to fault and become unavailable. The affected port \ncould be used as a server ping port and uses messages structured with XML.\n\n\n"}], "value": "\nAn unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and \nEvents service could open a connection, causing the service to fault and become unavailable. The affected port \ncould be used as a server ping port and uses messages structured with XML.\n\n\n"}], "impacts": [{"capecId": "CAPEC-528", "descriptions": [{"lang": "en", "value": "CAPEC-528 XML Flood"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2022-10-27T13:25:17.957Z"}, "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136876"}], "source": {"discovery": "UNKNOWN"}, "title": "FactoryTalk Alarm and Events Server Vulnerable to Denial-Of-Service Attack", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.533Z"}, "title": "CVE Program Container", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136876", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_alarms_and_events:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCB45744-EA5E-47AF-B3F2-5E73FE108897", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nAn unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and \nEvents service could open a connection, causing the service to fault and become unavailable. The affected port \ncould be used as a server ping port and uses messages structured with XML.\n\n\n"}, {"lang": "es", "value": "Un atacante no autenticado con acceso a la red de la v\u00edctima del servicio de Eventos y Alarmas FactoryTalk de Rockwell Automation podr\u00eda abrir una conexi\u00f3n, provocando que el servicio falle y deje de estar disponible. El puerto afectado podr\u00eda utilizarse como puerto de ping del servidor y utiliza mensajes estructurados con XML."}], "id": "CVE-2022-38744", "lastModified": "2023-11-07T03:50:14.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2022-10-27T14:15:10.777", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136876"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}