
PN1629 | Denial-of-Service Vulnerability in FactoryTalk® Transaction Manager

Severity:
High
Advisory ID:
PN1629
Published Date:
June 13, 2023
Last Updated:
September 26, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2023-2778
Summary
Denial-of-Service Vulnerability in FactoryTalk® Transaction Manager

 

Revision Number
1.1
Revision History
Version 1.0 - June 13, 2023
Version 1.1 - September 26, 2025

Affected Products

Affected Product | First Known in Software Version | Corrected in Software Version
FactoryTalk® Transaction Manager | <=v13.10 | BF29042 - Patch: Multiple issues, FactoryTalk Transaction Manager 13.00/13.10

Security Issue Details

Rockwell Automation uses the latest version of the CVSS scoring system to assess security issues. The security of our products is important to us as your industrial automation supplier. This security issue was found internally during routine testing and is being reported based on our commitment to full transparency and the improvement of all business environments.

CVE-2023-2778 IMPACT
A denial-of-service (DoS) security issue exists in the affected products. This security issue can be used by sending a modified packet to port 400. If used, the application could crash or experience a high CPU or memory usage condition. This would cause intermittent application functionality issues. The application would need to be restarted to recover from the DoS.

CVSS Base Score 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400 Uncontrolled Resource Consumption


Known Exploited Vulnerability (KEV) database: No

Customers can use Stakeholder-Specific Vulnerability Categorization to create more environment specific categories.

Risk Mitigation & User Action

Customers using the affected software should use the risk mitigations and our suggested security best practices below to minimize the risks.
  • Customers should follow the instructions in BF29042 - Patch: Multiple issues, FactoryTalk Transaction Manager 13.00/13.10 to install the patch to mitigate the issue.
  • QA43240 - Recommended Security Guidelines from Rockwell Automation

Additional Resources

  • CVE-2023-2778 JSON

Glossary

Central Processing Unit: (CPU) the brain of your computer, processing instructions from programs and components

Denial-of-Service: malicious attempt to overwhelm a web property with traffic in order to disrupt its normal operations

Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited 

 

Copyright ©2022 Rockwell Automation, Inc.