PN1626 | Cross Site Request Forgery in FactoryTalk® Vantagepoint®

Severity:
High
Advisory ID:
PN1626
Published:
May 11, 2023
Last Updated:
September 26, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2023-2444
Summary
Cross Site Request Forgery in FactoryTalk® Vantagepoint®

Revision Number
1.1
Revision History
Version 1.0 - May 11, 2023
Version 1.1 - September 26, 2025

Affected Products

Affected Product             First Known in Software Version    Corrected in Software Version
FactoryTalk® Vantagepoint®   <v8.40                             V8.40 and later

Vulnerability Details

Rockwell Automation uses the latest version of the CVSS scoring system to assess for security issues.

CVE-2023-2444 IMPACT
A cross-site request forgery (CSRF) security issue exists in the affected product. It can be exploited in two ways. In the first, an attacker sends a harmful link to a computer that is on the same domain as the FactoryTalk® Vantagepoint® server. When a user clicks the link, the attacker impersonates the legitimate user and sends requests to the affected product.

In the second, an attacker sends an untrusted link to a computer that is not on the same domain as the server. The user opens the FactoryTalk® Vantagepoint® website and enters credentials for the FactoryTalk® Vantagepoint® server. The user must then click the harmful link for the cross-site request forgery attack to succeed.

CVSS Base Score: 7.1/10
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
CWE: CWE-345 Insufficient Verification of Data Authenticity
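The CWE entry above names the root cause of any CSRF: the server accepts a state-changing request on the strength of the browser-attached session cookie alone, with no proof that the request came from its own pages. The following added example, written for this page and not taken from FactoryTalk® Vantagepoint® or any Rockwell Automation code, shows that gap and the usual fix side by side. Everything in it is constructed: the origin `vantagepoint.example`, the path `/api/tags/write`, the tag names and the session ids are hypothetical placeholders, not product identifiers. The vulnerable check trusts the cookie; the hardened check additionally requires a same-origin `Origin`/`Referer` header and an HMAC-bound synchronizer token, which is the "verification of data authenticity" CWE-345 refers to.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical origin of the web server; not the product's real hostname.
SERVER_ORIGIN = "https://vantagepoint.example"
# Per-process secret used to bind anti-CSRF tokens to a session.
SECRET_KEY = secrets.token_bytes(32)
# Constructed session store: session cookie value -> username.
SESSIONS = {"s3ss10n-alice": "alice"}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as the server would see it."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token: an HMAC over the session id, embedded in server-rendered forms."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def vulnerable_is_authorized(req: Request) -> bool:
    """Accepts any request carrying a valid session cookie.

    The browser attaches cookies to cross-site form posts automatically, so a page
    on attacker.example can submit this request on the victim's behalf (CWE-345).
    """
    return req.cookies.get("session") in SESSIONS


def _same_origin(value: str) -> bool:
    # Origin carries scheme+host only; Referer carries a path, so allow a trailing "/...".
    return value == SERVER_ORIGIN or value.startswith(SERVER_ORIGIN + "/")


def hardened_is_authorized(req: Request) -> bool:
    """Session cookie plus two independent proofs the request came from our own pages."""
    sid = req.cookies.get("session")
    if sid not in SESSIONS:
        return False
    if req.method in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must never change state
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if not source or not _same_origin(source):
        return False  # cross-site or missing source: reject
    token = req.form.get("csrf_token", "")
    return hmac.compare_digest(token, issue_csrf_token(sid))


def run_scenarios() -> dict:
    """Replay a legitimate submission and forged ones through both checks."""
    sid = "s3ss10n-alice"
    # Legitimate: posted from a server-rendered form, so Origin and token both match.
    legit = Request(
        method="POST", path="/api/tags/write",
        headers={"Origin": SERVER_ORIGIN},
        cookies={"session": sid},
        form={"tag": "Pump1.Setpoint", "value": "42", "csrf_token": issue_csrf_token(sid)},
    )
    # Forged: an auto-submitting form on attacker.example; the browser still sends the cookie.
    forged = Request(
        method="POST", path="/api/tags/write",
        headers={"Origin": "https://attacker.example"},
        cookies={"session": sid},
        form={"tag": "Pump1.Setpoint", "value": "999"},
    )
    # Token from the attacker's own session, with the Origin check assumed already
    # satisfied; exercises the session binding of the token in isolation.
    wrong_token = Request(
        method="POST", path="/api/tags/write",
        headers={"Origin": SERVER_ORIGIN},
        cookies={"session": sid},
        form={"tag": "Pump1.Setpoint", "value": "999",
              "csrf_token": issue_csrf_token("attacker-session")},
    )
    return {
        "vulnerable_legit": vulnerable_is_authorized(legit),
        "vulnerable_forged": vulnerable_is_authorized(forged),
        "hardened_legit": hardened_is_authorized(legit),
        "hardened_forged": hardened_is_authorized(forged),
        "hardened_wrong_token": hardened_is_authorized(wrong_token),
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Both of the advisory's scenarios end the same way: the victim's browser sends the attacker-chosen request with the victim's cookie attached. The `Origin`/`Referer` check and the session-bound token are two independent signals that a browser will not let a cross-site page forge, which is why real frameworks apply both; marking the session cookie `SameSite=Lax` or `Strict` is a third, complementary layer.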


Known Exploited Vulnerability (KEV) database: No

Customers can use Stakeholder-Specific Vulnerability Categorization (SSVC) to create more environment-specific categories.

Risk Mitigation & User Action

Customers using the affected software should apply our security best practices to minimize risk.
  • Provide training about social engineering attacks, such as phishing.
  • QA43240 - Recommended Security Guidelines from Rockwell Automation

Additional Resources

  • CVE-2023-2444 JSON

Glossary

Cross Site Request Forgery: (CSRF) an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated

Phishing: cyberattack that uses fraudulent emails, text messages, phone calls or websites to trick people into sharing sensitive data, downloading malware or otherwise exposing themselves to cybercrime

Copyright ©2022 Rockwell Automation, Inc.