Rockwell Automation FactoryTalk Vantagepoint
Plan Patch | 7.1 | ICS-CERT ICSA-23-136-03 | May 16, 2023
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: Required
Summary
FactoryTalk Vantagepoint versions prior to 8.40 contain an authentication and session management vulnerability (CWE-345) that allows an attacker to impersonate an existing user or perform unauthorized actions via a cross-site request forgery (CSRF) attack. Exploitation requires the user to click a malicious link while authenticated to the application. The vulnerability has high attack complexity and no known public exploits. Rockwell Automation recommends updating to version 8.40 or later and implementing security best practices including user training on phishing and social engineering.
What this means
What could happen
An attacker could trick a user into visiting a malicious link or page to take over their FactoryTalk Vantagepoint account or perform unauthorized actions on their behalf, potentially leading to unauthorized changes to factory automation configurations or operations.
Who's at risk
Manufacturing plants and facilities that use Rockwell Automation's FactoryTalk Vantagepoint for automation control, monitoring, or engineering workstations. This affects anyone who logs into the web interface as an operator, engineer, or administrator.
How it could be exploited
An attacker creates a phishing email or malicious web page that tricks a user into clicking a link while logged into FactoryTalk Vantagepoint. This allows the attacker to either hijack the user's session or perform a cross-site request forgery (CSRF) attack to execute commands as that user without their knowledge.
Prerequisites
- User must click on attacker-controlled link or visit attacker-controlled page
- User must be authenticated to FactoryTalk Vantagepoint at the time of attack
- FactoryTalk Vantagepoint must be accessible via web browser
- remotely exploitable
- user interaction required
- high attack complexity
- affects factory automation configuration and operations
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
FactoryTalk Vantagepoint | < 8.40 | 8.40
Remediation & Mitigation
Do now
- HARDENING: Provide user training on phishing and social engineering attacks; emphasize not clicking links in unsolicited emails or visiting untrusted websites
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update FactoryTalk Vantagepoint to version 8.40 or later
- HARDENING: Implement email filtering and anti-phishing controls to block malicious links and suspicious attachments
Long-term hardening
- HARDENING: Review and apply Rockwell Automation's Security Best Practices for FactoryTalk Vantagepoint deployments
CVEs (1)