cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21915,https://securityvulnerability.io/vulnerability/CVE-2024-21915,Privilege Escalation Vulnerability in Rockwell Automation FactoryTalk® Service Platform (FTSP),"A privilege escalation vulnerability exists within Rockwell Automation's FactoryTalk® Service Platform (FTSP). This flaw enables an attacker with basic user privileges to gain unauthorized FTSP Administrator Group rights. An exploitation of this vulnerability could allow malicious actors to access, modify, or delete sensitive data, ultimately compromising the integrity and availability of the FTSP system. Affected users should assess their security posture and implement necessary mitigations.",Rockwell Automation,FactoryTalk® Service Platform,8.8,HIGH,0.0008200000156648457,false,,false,false,false,,,false,false,,2024-02-16T18:20:43.862Z,0
CVE-2024-21917,https://securityvulnerability.io/vulnerability/CVE-2024-21917,"Rockwell Automation FactoryTalk® Service Platform Service Token Vulnerability","A security vulnerability has been identified within Rockwell Automation's FactoryTalk Service Platform, which permits unauthorized access via the service token. The vulnerability arises from the absence of digital signature validation for the FTSP service token in relation to directories. An attacker exploiting this flaw could obtain the service token and use it to authenticate themselves on any other FTSP directory, resulting in unauthorized access to user data and the ability to modify critical settings without proper authentication. This poses a significant risk to the integrity and confidentiality of user information and operational settings within affected environments.",Rockwell Automation,Factorytalk® Service Platform,9.8,CRITICAL,0.0008299999753944576,false,,false,false,false,,,false,false,,2024-01-31T18:16:27.949Z,0
CVE-2023-46290,https://securityvulnerability.io/vulnerability/CVE-2023-46290,Rockwell Automation FactoryTalk Services Platform Elevated Privileges Vulnerability,"A configuration flaw in the FactoryTalk® Services Platform web service enables a potential unauthorized actor to gain access to a local Windows OS user token. If an authorized user has not logged into the web service previously, the attacker could leverage this vulnerability to log into the platform without valid credentials, compromising system integrity.",Rockwell Automation,FactoryTalk® Services Platform,8.1,HIGH,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-10-27T19:15:00.000Z,0
CVE-2021-32960,https://securityvulnerability.io/vulnerability/CVE-2021-32960,Rockwell Automation FactoryTalk Services Platform Protection Mechanism Failure,"Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine.",Rockwell Automation,Factorytalk Services Platform,8.5,HIGH,0.002689999993890524,false,,false,false,false,,,false,false,,2022-04-01T23:15:00.000Z,0
CVE-2020-14478,https://securityvulnerability.io/vulnerability/CVE-2020-14478,IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611,"A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.",Rockwell Automation,Factorytalk Services Platform,7.1,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-02-24T19:15:00.000Z,0