Loading

PN1628 | Apache Portable Runtime Vulnerability in FactoryTalk® Edge Gateway

Severity:
High
Advisory ID:
PN1628
公開日:
June 13, 2023
最終更新日:
September 09, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
いいえ
Corrected:
いいえ
Workaround:
いいえ
CVE IDs
CVE-2021-35940,
CVE-2017-12613
概要
Apache Portable Runtime Vulnerability in FactoryTalk® Edge Gateway

 

Revision Number
1.1
Revision History
Version 1.0 - June 13, 2023
Version 1.1 - September 9, 2025 - Updated for readability

Affected Products

Affected Product First Known in Software Version Corrected in Software Version
FactoryTalk® Edge Gateway v1.03.00 v1.04.00

Security Issue Details

Rockwell Automation uses the latest version of the CVSS scoring system to assess security issues. The security of our products is important to us as your industrial automation supplier.  This irregularity was found internally during routine testing and is being reported based on our commitment to customer transparency and to improving production environments.

CVE-2021-35940 IMPACT
An out of bounds array read security issue was fixed in the apr_time_exp*() function in the Apache Portable Runtime v1.6.3 (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch causing version 1.7.0 to regress compared to 1.6.3. Therefore it is vulnerable to the same issue. If exploited, a threat actor could potentially read confidential data or cause the software to become unavailable.

CVSS Base Score: 7.1
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE: CWE 125 Out-of-bounds Read


Known Exploited Vulnerability (KEV) database: No

Customers can use Stakeholder-Specific Vulnerability Categorization to create more environment specific categories.

Risk Mitigation & User Action

Customers using the affected software should use the risk mitigation below and our security best practices to minimize the risks .
  • Update to v1.04.00 which mitigates the issue.
  • Security Best Practicies: QA43240 - Recommended Security Guidelines from Rockwell Automation

Additional Resources

  • CVE 2021 35940 JSON

 

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left ロックウェル・オートメーションのホーム Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust & Security Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
を続行するには、クッキーの設定を更新してください.
この機能には、お客様の利便性を向上させるためにクッキーが必要です。これらのクッキーを許可するように設定を更新してください:
  • ソーシャルメディア・クッキー
  • 機能性クッキー
  • パフォーマンスクッキー
  • マーケティングクッキー
  • 全てのクッキー
いつでも設定を更新することができます。詳しくは{0}をご覧ください プライバシーポリシー
CloseClose