CVE-2024-21917

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Jan 31, 2024

Updated: Feb 8, 2024

CWE ID 347

Summary

CVE-2024-21917 is a vulnerability affecting Rockwell Automation's FactoryTalk® Service Platform. Malicious users can obtain a service token and use it for authentication on another FTSP directory without proper digital signing verification. This weakness exposes the risk of unauthorized access, allowing potential data theft and unauthorized setting modifications.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Factorytalk Services Platform

Affected Vendors

Rockwell Automation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uA34DI
https://www.cve.org/CVERecord?id=CVE-2024-21917
https://nvd.nist.gov/vuln/detail/CVE-2024-21917

Back to Vulnerability Database