Severity:
High
Advisory ID:
PN1629
Fecha de publicación:
June 13, 2023
Última actualización:
September 26, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2023-2778
Resumen
Denial-of-Service Vulnerability in FactoryTalk® Transaction Manager
Revision Number
1.1
Revision History
Version 1.0 - June 13, 2023
Version 1.1 - Septeber 26, 2025
Affected Products
| Affected Product | First Known in Software Version | Corrected in Software Version |
| FactoryTalk® Transaction Manager | <=v13.10 | BF29042 - Patch: Multiple issues, FactoryTalk Transaction Manager 13.00/13.10 |
Security Issue Details
Rockwell Automation uses the latest version of the CVSS scoring system to assess for security issues. The security of our products is important to us as your industrial automation supplier. This security issue was found internally during routine testing and is being reported based on our commitment to full transparency and the improvement of all business environments.
CVE-2023-2778 IMPACT
A denial-of-service (DoS) security issue exists in the affected products. This security issue can be used by sending a modified packet to port 400. If used, the application could crash or experience a high CPU or memory usage condition. This would cause intermittent application functionality issues. The application would need to be restarted to recover from the DoS.
Known Exploited Vulnerability (KEV) database:
Customers can use Stakeholder-Specific Vulnerability Categorization to create more environment specific categories.
CVE-2023-2778 IMPACT
A denial-of-service (DoS) security issue exists in the affected products. This security issue can be used by sending a modified packet to port 400. If used, the application could crash or experience a high CPU or memory usage condition. This would cause intermittent application functionality issues. The application would need to be restarted to recover from the DoS.
CVSS Base Score 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400 Uncontrolled Resource ConsumptionKnown Exploited Vulnerability (KEV) database:
NoCustomers can use Stakeholder-Specific Vulnerability Categorization to create more environment specific categories.
Risk Mitigation & User Action
Customers using the affected software should use the risk mitigations . and our suggested security best practices below to minimize the risks.
- Customers should follow the instructions in BF29042 - Patch: Multiple issues, FactoryTalk Transaction Manager 13.00/13.10 to install the patch to mitigate the issue.
- QA43240 - Recommended Security Guidelines from Rockwell Automation
Additional Resources
Glossary
Central Processing Unit: (CPU) the brain of your computer, processing instructions from programs and components
Denial-of-Service: malicious attempt to overwhelm a web property with traffic in order to disrupt its normal operations
Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited
Copyright ©2022 Rockwell Automation, Inc.