Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.
References
Link | Resource |
---|---|
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043 | Permissions Required Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-10-17 15:15
Updated : 2022-10-20 07:42
NVD link : CVE-2022-3158
Mitre link : CVE-2022-3158
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
rockwellautomation
- factorytalk_vantagepoint