CVE-2023-2638
CVSS V2 None
CVSS V3 None
Description
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected.
Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited.
Overview
- CVE ID
- CVE-2023-2638
- Assigner
- Rockwell
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-06-13T20:25:03.375Z
- Last Modified Date
- 2023-06-13T20:25:03.375Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-2638 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2638 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-24 21:48:45 | Added to TrackCVE |