CVE-2021-27472

CRITICAL10.0Injection

Description

A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

High

Affected products

Rockwell Automation / FactoryTalk® AssetCentreunspecified – v10.00

References

VENDOR_ADVISORYhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-091-01
MISChttps://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1130831