CVE-2022-38743

Published: Oct 17, 2022Modified: May 13, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data.

Affected (5)

Products: Rockwellautomation: Factorytalk Vantagepoint

Rockwellautomation

1 product

Factorytalk Vantagepoint

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Rockwellautomation Factorytalk Vantagepoint	Version 8.0
Rockwellautomation Factorytalk Vantagepoint	Version 8.10
Rockwellautomation Factorytalk Vantagepoint	Version 8.20
Rockwellautomation Factorytalk Vantagepoint	Version 8.30
Rockwellautomation Factorytalk Vantagepoint	Version 8.31

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043

Source: PSIRT@rockwellautomation.com

Permissions RequiredVendor Advisory

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.