Loading

PN1626 | Cross Site Request Forgery in FactoryTalk® Vantagepoint®

Severity:
High
Advisory ID:
PN1626
Veröffentlichungsdatum:
May 11, 2023
Zuletzt aktualisiert:
September 26, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
Nein
Corrected:
Nein
Workaround:
Nein
CVE IDs
CVE-2023-2444
Zusammenfassung
Cross Site Request Forgery in FactoryTalk® Vantagepoint®

 

Revision Number
1..1
Revision History
Version 1.0 - May 11, 2023
Version 1.1 - September 26, 2025

Affected Products

Affected Product First Known in Software Version Corrected in Software Version
FactoryTalk® Vantagepoint® <v8.40 V8.40 and later

Vulnerability Details

Rockwell Automation uses the latest version of the CVSS scoring system to assess for security issues.

CVE-2023-2444 IMPACT
A cross site request forgery security issue exists in the affected product. This security issue can be used in two ways. In one way an attacker sends a harmful link to a computer that is on the same domain as the FactoryTalk® Vantagepoint® server. A user then clicks the link, and the attacker impersonates the legitimate user and send requests to the affected product.

 A second way, an attacker sends an untrusted link to a computer that is not on the same domain as the server. A user then opens the FactoryTalk® Vantagepoint® website and enters credentials for the FactoryTalk® Vantagepoint® server. The user then clicks on the harmful link for a cross site request forgery attack to be successful.

CVSS Base Score: 7.1/10
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
CWE: CWE-345 Insufficient Verification of Data Authenticity


Known Exploited Vulnerability (KEV) database: No

Customers can use Stakeholder-Specific Vulnerability Categorization to create more environment specific categories.

Risk Mitigation & User Action

Customers using the affected software should use our security best practices to minimize risks.
  • Provide training about social engineering attacks, such as phishing.
  • QA43240 - Recommended Security Guidelines from Rockwell Automation

Additional Resources

  • CVE-2023-2444 JSON

Glossary

Cross Site Request Forgery: (CSRF) an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated

Phishing: cyberattack that uses fraudulent emails, text messages, phone calls or websites to trick people into sharing sensitive data, downloading malware or otherwise exposing themselves to cybercrime

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation Startseite
  2. Chevron LeftChevron Left Trust Center
  3. Chevron LeftChevron Left Industrial Security Adv
  4. Chevron LeftChevron Left Industrial Security Advisory Detail
Bitte aktualisieren Sie Ihre Cookie-Einstellungen, um fortzufahren.
Für diese Funktion sind Cookies erforderlich, um Ihr Erlebnis zu verbessern. Bitte aktualisieren Sie Ihre Einstellungen, um diese Cookies zuzulassen:
  • Social-Media-Cookies
  • Funktionale Cookies
  • Leistungscookies
  • Marketing-Cookies
  • Alle Cookies
Sie können Ihre Einstellungen jederzeit aktualisieren. Weitere Informationen finden Sie in unserem {0} Datenschutzrichtlinie
CloseClose