Rockwell Automation FactoryTalk Services Platform

Plan Patch8.1ICS-CERT ICSA-23-299-06Oct 26, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

FactoryTalk Services Platform v2.74 contains an authentication vulnerability (CWE-287) that allows an attacker with a token to log into the system without proper credential validation. The vulnerability has high attack complexity.

What this means

What could happen

An attacker who obtains a valid token could gain unauthorized access to FactoryTalk Services Platform, allowing them to view or modify industrial process configurations, plant data, and control logic without using legitimate credentials.

Who's at risk

Organizations operating Rockwell Automation FactoryTalk Services Platform (v2.74) should be concerned, particularly those using it for plant-wide process configuration, data management, or engineering workstations. This affects manufacturing facilities, batch processors, and any facility using FactoryTalk as a central engineering or data platform.

How it could be exploited

An attacker must first obtain a valid authentication token (through social engineering, network interception, or credential compromise), then use that token to bypass normal login controls and authenticate to the FactoryTalk Services Platform. High attack complexity suggests significant prerequisites or situational factors are required, such as specific network conditions or configurations.

Prerequisites

Valid authentication token for FactoryTalk Services Platform
Network access to FactoryTalk Services Platform host or service port
Token must remain valid or unexpired

remotely exploitableauthentication bypasshigh CVSS score (8.1)access to control system configuration data

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

FactoryTalk Services Platform: v2.74v2.742.80

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to FactoryTalk Services Platform by implementing firewall rules to limit connectivity to authorized engineering and administrative workstations only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate FactoryTalk Services Platform to version 2.80 or later

Long-term hardening

0/2

HARDENINGIsolate FactoryTalk Services Platform on a dedicated network segment separate from business networks and the internet

HARDENINGIf remote access is required, implement VPN access with authentication and access controls

CVEs (1)

CVE-2023-46290

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ff477d89-3bee-4a21-826f-c5b8c283406c