Rockwell Automation reported these vulnerabilities to NCCIC.

Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Food and Agriculture, Water and Wastewater Systems.

A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

4.2.2 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119

A custom string copying function of the license server manager in FlexNet Publisher does not use proper bounds checking on incoming data, allowing a remote, unauthenticated user to send crafted messages with the intent of causing a buffer overflow.

CVE-2015-8277 has been assigned to this vulnerability.

A CVSS v3 base score of 2.7 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N).

FactoryTalk Historian Site Edition (SE)

4.2 VULNERABILITY OVERVIEW

4.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79

A Cross-Site Scripting ("XSS") vulnerability was found in certain versions of Wibu-Systems CodeMeter that may allow local attackers to inject arbitrary web script or HTML via a specific field in a configuration file, allowing an attacker to access sensitive information, or even rewrite the content of the HTML page.

CVE-2017-13754 has been assigned to this vulnerability.

Users who recognize products from the following list are using FactoryTalk Activation Manager:

The following products require FactoryTalk Activation Manager to store and keep track of Rockwell Automation software products and activation files.