
PN1629 | Denial-of-Service Vulnerability in FactoryTalk® Transaction Manager

Severity:
High
Advisory ID:
PN1629
Published Date:
June 13, 2023
Last Updated:
September 26, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2023-2778
Summary
Denial-of-Service Vulnerability in FactoryTalk® Transaction Manager

 

Revision Number
1.1
Revision History
Version 1.0 - June 13, 2023
Version 1.1 - September 26, 2025

Affected Products

Affected Product | First Known in Software Version | Corrected in Software Version
FactoryTalk® Transaction Manager | <=v13.10 | BF29042 - Patch: Multiple issues, FactoryTalk Transaction Manager 13.00/13.10

Security Issue Details

Rockwell Automation uses the latest version of the CVSS scoring system to assess for security issues. The security of our products is important to us as your industrial automation supplier.  This security issue was found internally during routine testing and is being reported based on our commitment to full transparency and the improvement of all business environments.

CVE-2023-2778 IMPACT
A denial-of-service (DoS) security issue exists in the affected products. This security issue can be used by sending a modified packet to port 400. If used, the application could crash or experience a high CPU or memory usage condition. This would cause intermittent application functionality issues. The application would need to be restarted to recover from the DoS.

CVSS Base Score 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400 Uncontrolled Resource Consumption


Known Exploited Vulnerability (KEV) database: No

Customers can use Stakeholder-Specific Vulnerability Categorization to create more environment specific categories.

Risk Mitigation & User Action

Customers using the affected software should use the risk mitigations and our suggested security best practices below to minimize the risks.
  • Customers should follow the instructions in BF29042 - Patch: Multiple issues, FactoryTalk Transaction Manager 13.00/13.10 to install the patch to mitigate the issue.
  • QA43240 - Recommended Security Guidelines from Rockwell Automation

Additional Resources

  • CVE-2023-2778 JSON

Glossary

Central Processing Unit: (CPU) the brain of your computer, processing instructions from programs and components

Denial-of-Service: malicious attempt to overwhelm a web property with traffic in order to disrupt its normal operations

Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited 

 
