CVE-2024-21917

Published: Jan 31, 2024Modified: Jan 15, 2026

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.

Affected (1)

Products: Rockwellautomation: Factorytalk Services Platform

Rockwellautomation

1 product

Factorytalk Services Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rockwellautomation Factorytalk Services Platform	Up to 6.31.00

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1660.html

Source: PSIRT@rockwellautomation.com

https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.