variot - var-202401-1419

var-202401-1419

Vulnerability from variot

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202401-1419",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "factorytalk services platform",
            scope: "lte",
            trust: 1,
            vendor: "rockwellautomation",
            version: "6.31.00",
         },
         {
            model: "factorytalk services platform",
            scope: "eq",
            trust: 0.8,
            vendor: "rockwell automation",
            version: null,
         },
         {
            model: "factorytalk services platform",
            scope: "lte",
            trust: 0.8,
            vendor: "rockwell automation",
            version: "6.31.00  and earlier",
         },
         {
            model: "factorytalk services platform",
            scope: null,
            trust: 0.8,
            vendor: "rockwell automation",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-002283",
         },
         {
            db: "NVD",
            id: "CVE-2024-21917",
         },
      ],
   },
   cve: "CVE-2024-21917",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 9.1,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2024-21917",
                  impactScore: 5.2,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "PSIRT@rockwellautomation.com",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2024-21917",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 9.1,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2024-21917",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2024-21917",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "PSIRT@rockwellautomation.com",
                  id: "CVE-2024-21917",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "NVD",
                  id: "CVE-2024-21917",
                  trust: 0.8,
                  value: "Critical",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-002283",
         },
         {
            db: "NVD",
            id: "CVE-2024-21917",
         },
         {
            db: "NVD",
            id: "CVE-2024-21917",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "\nA vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory.  If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication",
      sources: [
         {
            db: "NVD",
            id: "CVE-2024-21917",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-002283",
         },
         {
            db: "VULMON",
            id: "CVE-2024-21917",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2024-21917",
            trust: 2.7,
         },
         {
            db: "ICS CERT",
            id: "ICSA-24-030-06",
            trust: 0.9,
         },
         {
            db: "JVN",
            id: "JVNVU99327679",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-002283",
            trust: 0.8,
         },
         {
            db: "VULMON",
            id: "CVE-2024-21917",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2024-21917",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-002283",
         },
         {
            db: "NVD",
            id: "CVE-2024-21917",
         },
      ],
   },
   id: "VAR-202401-1419",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.4717742,
   },
   last_update_date: "2024-08-14T14:54:18.363000Z",
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-347",
            trust: 1,
         },
         {
            problemtype: "Improper verification of digital signatures (CWE-347) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-002283",
         },
         {
            db: "NVD",
            id: "CVE-2024-21917",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.9,
            url: "https://www.rockwellautomation.com/en-us/support/advisory.sd1660.html",
         },
         {
            trust: 0.9,
            url: "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-06",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu99327679/",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2024-21917",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2024-21917",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-002283",
         },
         {
            db: "NVD",
            id: "CVE-2024-21917",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2024-21917",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-002283",
         },
         {
            db: "NVD",
            id: "CVE-2024-21917",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-01-31T00:00:00",
            db: "VULMON",
            id: "CVE-2024-21917",
         },
         {
            date: "2024-02-13T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2024-002283",
         },
         {
            date: "2024-01-31T19:15:08.633000",
            db: "NVD",
            id: "CVE-2024-21917",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-01-31T00:00:00",
            db: "VULMON",
            id: "CVE-2024-21917",
         },
         {
            date: "2024-02-13T02:23:00",
            db: "JVNDB",
            id: "JVNDB-2024-002283",
         },
         {
            date: "2024-02-08T01:29:32.367000",
            db: "NVD",
            id: "CVE-2024-21917",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Rockwell Automation  of  FactoryTalk Services Platform  Digital Signature Verification Vulnerability in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2024-002283",
         },
      ],
      trust: 0.8,
   },
}

cve-2024-21917

Vulnerability from cvelistv5

Published

2024-01-31 18:16

Modified

2024-10-17 17:09

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html

Impacted products

	Vendor	Product	Version
	Rockwell Automation	FactoryTalk® Service Platform	Version: <= v6.31

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:35:34.763Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-21917",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-02-06T05:00:19.636807Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-17T17:09:38.403Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "FactoryTalk® Service Platform",
               vendor: "Rockwell Automation",
               versions: [
                  {
                     status: "affected",
                     version: "<= v6.31",
                  },
               ],
            },
         ],
         datePublic: "2024-01-30T14:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. &nbsp;If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.</span>\n\n",
                  },
               ],
               value: "\nA vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory.  If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.\n\n",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-115",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-115 Authentication Bypass",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-347",
                     description: "CWE-347 Improper Verification of Cryptographic Signature",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-31T18:16:27.949Z",
            orgId: "b73dd486-f505-4403-b634-40b078b177f0",
            shortName: "Rockwell",
         },
         references: [
            {
               url: "https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html",
            },
         ],
         solutions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "\n\n<p>Customers using \n\nRockwell Automation FactoryTalk® Service Platform\n\n are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.</p><ul><li>Update to v6.40 or later.&nbsp;</li><li>Set DCOM authentication level to 6, <a target=\"_blank\" rel=\"nofollow\">which enables encryption of the service token and communication channel between the server and client. Please refer to </a><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1134040\">Mitigating Microsoft DCOM Hardening Patch (CVE-2021-26414) for Affected Rockwell Automation Products (custhelp.com)</a></li><li>When it is not possible to update to v6.40 or later, enable verification of the publisher information (i.e., digital signature) of any executable attempting to use the FactoryTalk® Services APIs. This helps prevent a malicious user from calling the API to receive the service token. This setting can be changed from the Application Authorization node located within System Policies using the FactoryTalk® Administration Console application.</li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></li></ul>\n\n",
                  },
               ],
               value: "\nCustomers using \n\nRockwell Automation FactoryTalk® Service Platform\n\n are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.\n\n  *  Update to v6.40 or later. \n  *  Set DCOM authentication level to 6,  Mitigating Microsoft DCOM Hardening Patch (CVE-2021-26414) for Affected Rockwell Automation Products (custhelp.com) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1134040 \n  *  When it is not possible to update to v6.40 or later, enable verification of the publisher information (i.e., digital signature) of any executable attempting to use the FactoryTalk® Services APIs. This helps prevent a malicious user from calling the API to receive the service token. This setting can be changed from the Application Authorization node located within System Policies using the FactoryTalk® Administration Console application.\n  *   Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \n\n\n\n\n",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: " Rockwell Automation FactoryTalk® Service Platform Service Token Vulnerability",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "b73dd486-f505-4403-b634-40b078b177f0",
      assignerShortName: "Rockwell",
      cveId: "CVE-2024-21917",
      datePublished: "2024-01-31T18:16:27.949Z",
      dateReserved: "2024-01-03T16:40:50.367Z",
      dateUpdated: "2024-10-17T17:09:38.403Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted