Loading

FactoryTalk® Service Platform Service Token Vulnerability

Severity:
Critical
Advisory ID:
SD1660
發佈日期:
January 30, 2024
最近更新:
December 04, 2024
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
否
Corrected:
是
Workaround:
否
CVE IDs
CVE-2024 21917
下載
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
JSON
摘要
FactoryTalk® Service Platform Service Token Vulnerability

FactoryTalk® Service Platform Service Token Vulnerability

Published Date: January 30, 2024

Last updated: March 5th, 2024 *Updated Mitigations and Workarounds*

Revision Number: 1.0

CVSS Score: 9.8/10

AFFECTED PRODUCTS AND SOLUTION

Affected Product

First Known in software version

Corrected in software version

FactoryTalk® Service Platform

<= v6.31

v6.40 or later

Mitigations and Workarounds

Customers using the affected software should use risk mitigations and our suggested security best practices to minimize the risks.

Customers updating to v6.40 or later should do one of the following steps:

  1. Set the FactoryTalk Directory’s System Communications Type security policy to SOCKET.IO. This prevents FactoryTalk Services Platform from using the DCOM communication channel. When set to SOCKET.IO only v6.40, and later, FactoryTalk Directory clients can communicate with the FactoryTalk Directory server.

  2. If the v6.40 (or later) FactoryTalk Directory server must support communication with legacy FactoryTalk Directory client versions, v6.31 and earlier,  System Communication Type setting should not be altered from AUTO or DCOM.
    Instead, elevate DCOM Authentication Level to PACKET PRIVACY (‘6’). Please refer to Mitigating Microsoft DCOM Hardening Patch (CVE-2021-26414) for Affected Rockwell Automation Products (custhelp.com)

IMPORTANT! Two v 6.40 (or later) FactoryTalk Directory security policies can prevent legacy FactoryTalk Directory clients, v6.31 and earlier, from connecting with the FactoryTalk Directory server.  Set both security policies Legacy to allow the connection.
The two security policies are the Service Token signature method and Encryption method.

Customers who are unable to update to v6.40 or later should apply the following:

  • Set DCOM authentication level to 6. This enables encryption of the service token and communication channel between the server and client. Please refer to Mitigating Microsoft DCOM Hardening Patch (CVE-2021-26414) for Affected Rockwell Automation Products (custhelp.com)
  • When it is not possible to update to v6.40 or later, enable verification of the publisher information (i.e., digital signature) of any executable attempting to use the FactoryTalk® Services APIs. This helps prevent a threat actor from calling the API to receive the service token. This setting can be changed from the Application Authorization node located within System Policies using the FactoryTalk® Administration Console application.
  • Security Best Practices

SECURITY ISSUE DETAILS

Rockwell Automation used CVSS v3.1 scoring system to assess the following security issues.

CVE - 2024 21917 IMPACT

A security issue exists in the affected product. This allows a malicious user to obtain the service token and use it for authentication on another FactoryTalk® Service Platform (FTSP) directory. This is due to the lack of digital signing between the FTSP service token and directory.  A threat actor could potentially retrieve user information and modify settings without any authentication.

CVSS Base Score: 9.8/10 (Critical)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: 347 Improper Verification of Cryptographic Signature

Known Exploited Vulnerability (KEV) database:  No

Customers can use Stakeholder-Specific Vulnerability Categorization to create more environment specific categories.

ADDITIONAL RESOURCES

  • JSON CVE 2024 21917

Glossary

Application Programming Interface: (API) is a set of protocols and tools that allow different software applications to communicate with each other.

Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation 首頁 Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
請更新您的 cookie 設定以繼續.
此功能需要 cookie 來改善您的體驗。請更新您的設定以允許這些 cookie:
  • 社群媒體Cookie
  • 功能Cookie
  • 性能Cookie
  • 行銷Cookie
  • 全部Cookie
您可以隨時更新您的設定。想了解更多訊息,請參閱我們的 {0} 隱私政策
CloseClose