A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.
Metrics
Affected Vendors & Products
References
History
Thu, 17 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Rockwell
Published: 2024-01-31T18:16:27.949Z
Updated: 2024-10-17T17:09:38.403Z
Reserved: 2024-01-03T16:40:50.367Z
Link: CVE-2024-21917
Vulnrichment
Updated: 2024-08-01T22:35:34.763Z
NVD
Status : Analyzed
Published: 2024-01-31T19:15:08.633
Modified: 2024-02-08T01:29:32.367
Link: CVE-2024-21917
Redhat
No data.