CVE-2022-3158

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.
References
Link Resource
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043 Permissions Required Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.0:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.10:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.20:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.30:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.31:*:*:*:*:*:*:*

Information

Published : 2022-10-17 15:15

Updated : 2022-10-20 07:42


NVD link : CVE-2022-3158

Mitre link : CVE-2022-3158


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

rockwellautomation

  • factorytalk_vantagepoint