Rockwell Automation FactoryTalk Services Platform could allow a remote authenticated attacker to obtain sensitive information, caused by origin validation errors. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information.
Rockwell Automation FactoryTalk Services Platform could allow a local authenticated attacker to bypass security restrictions, caused by improper authorization in FTSSBackupRestore.exe. By using a malicious backup archive. an attacker could exploit this vulnerability to cause the loading of malicious configuration archives.
Rockwell Automation FactoryTalk Services Platform contains default hardcoded cryptographic key. A local authenticated attacker could exploit this vulnerability to generate administrator cookies.
Rockwell Automation FactoryTalk Transaction Manager is vulnerable to a denial of service, caused by uncontrolled resource consumption flaw. By sending a modified packet to port 400, a remote attacker could exploit this vulnerability to cause a crash or experience a high CPU or memory usage condition.
Refer to Rockwell Automation Web site for patch, upgrade or suggested workaround information.