CVE-2017-14022

Published: Dec 23, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate.

Affected (1)

Products: Rockwellautomation: Factorytalk Alarms And Events

Rockwellautomation

1 product

Factorytalk Alarms And Events

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rockwellautomation Factorytalk Alarms And Events	Up to 2.90

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.securityfocus.com/bid/102114

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-341-02

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/102114

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-341-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.