Rockwell Automation FactoryTalk VantagePoint
Act Now | 9.9 | ICS-CERT ICSA-22-279-01 | Oct 6, 2022
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
FactoryTalk VantagePoint versions 8.0 through 8.31 contain SQL injection and improper access control vulnerabilities (CWE-284, CWE-89) that could allow an authenticated attacker to execute remote code on the application server. The vulnerabilities stem from insufficient input validation and weak authorization checks in database query handling. Successful exploitation could allow modification of operational data, creation of unauthorized accounts, or system compromise.
What this means
What could happen
An attacker with database user credentials could execute arbitrary commands on the FactoryTalk VantagePoint server, potentially allowing them to modify production data, alter alarm thresholds, or disrupt plant operations monitored through this system.
Who's at risk
This affects water authorities and electric utilities using Rockwell Automation FactoryTalk VantagePoint for real-time monitoring and data visualization of production systems. Impact is greatest for organizations that rely on VantagePoint for critical process monitoring, trend analysis, or historical data logging.
How it could be exploited
An attacker with valid database login credentials gains network access to the FactoryTalk VantagePoint database port and exploits a SQL injection or improper access control vulnerability to execute arbitrary commands on the application server or underlying system.
Prerequisites
- Network access to FactoryTalk VantagePoint database port (typically port 1433 or vendor-specific)
- Valid database user credentials (engineering or application account)
- FactoryTalk VantagePoint version 8.0 through 8.31
- Remotely exploitable
- Authentication required (database credentials)
- Low complexity attack
- Affects system monitoring and control data
- No patch currently available for most versions
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product: FactoryTalk VantagePoint software - FactoryTalk VantagePoint: Firmware
Affected Versions: < 8.0; ≥ 8.0 | ≤ 8.10; ≥ 8.10 | ≤ 8.20; ≥ 8.20 | ≤ 8.30; ≥ 8.30 | ≤ 8.31
Fix Status: No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Configure the FactoryTalk VantagePoint database to enforce the principle of least privilege: restrict database user accounts to only the minimum permissions needed for their role
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update FactoryTalk VantagePoint firmware to the latest available version (8.31 or later when released)
Long-term hardening
HARDENING: Isolate FactoryTalk VantagePoint behind a firewall and restrict network access to only authorized engineering workstations and control systems
HARDENING: If remote access to FactoryTalk VantagePoint is required, use a VPN with strong authentication and keep VPN software patched to current versions
CVEs (2)