CVE-2023-2639
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2023-2639 is a vulnerability affecting Rockwell Automation's FactoryTalk System Services. The issue lies in the feedback mechanism used to transfer FactoryTalk Policy Manager rules to devices on the network. This mechanism fails to verify the origin of the communication, enabling a threat actor to impersonate a legitimate local client. If a user visits a malicious website, a script delivered by that site can connect to the local WebSocket endpoint, giving the attacker access to information such as whether FactoryTalk Policy Manager is installed and potentially the entire security policy. This vulnerability poses a significant risk to industrial networks and could lead to unauthorized access and data theft.
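The missing check described above is validation of the Origin header on the WebSocket handshake. The following is an added example, not Rockwell Automation's code: it shows how a loopback WebSocket service can refuse handshakes from unexpected web origins. The allowlisted origins, port 8443, the /events path and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only web origins permitted to open the local socket (hypothetical).
ALLOWED_ORIGINS = {("https", "localhost", 8443), ("https", "127.0.0.1", 8443)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_headers(raw_request: bytes) -> dict:
    """Parse the header block of an HTTP upgrade request into name -> [values]."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            # Keep repeated headers as a list so duplicates can be rejected.
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def origin_allowed(raw_request: bytes) -> bool:
    """True only if the handshake carries exactly one allowlisted Origin."""
    origins = parse_headers(raw_request).get("origin", [])
    if len(origins) != 1:
        return False  # missing or duplicated Origin: refuse the upgrade
    try:
        parts = urlsplit(origins[0])
        port = parts.port  # raises ValueError on values like "8443.evil.example"
    except ValueError:
        return False
    if port is None:
        port = DEFAULT_PORTS.get(parts.scheme)
    # A serialized origin is scheme://host[:port] only; "null" parses as a bare path.
    if parts.path or parts.query or parts.fragment or parts.username:
        return False
    # Exact tuple match: no prefix, suffix or substring comparison.
    return (parts.scheme, parts.hostname, port) in ALLOWED_ORIGINS


def handshake(origin=None) -> bytes:
    """Build a constructed sample upgrade request (not captured traffic)."""
    lines = ["GET /events HTTP/1.1", "Host: 127.0.0.1:8443",
             "Upgrade: websocket", "Connection: Upgrade"]
    if origin is not None:
        lines.append(f"Origin: {origin}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")
```

Native clients that send no Origin header are rejected by this check and would need a separate authentication mechanism.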
Affected Products
- Adobe Acrobat DC
- Adobe Acrobat Reader
- Adobe Acrobat
- Adobe Acrobat Reader DC
Affected Vendors
- Adobe