Rewterz Threat Advisory – Citrix Hypervisor Security Update
April 1, 2021Rewterz Threat Advisory – CVE-2021-21982 – VMware Carbon Black Cloud Workload appliance security bypass
April 2, 2021Rewterz Threat Advisory – Citrix Hypervisor Security Update
April 1, 2021Rewterz Threat Advisory – CVE-2021-21982 – VMware Carbon Black Cloud Workload appliance security bypass
April 2, 2021Severity
Medium
Analysis Summary
CVE-2021-27462
A deserialization vulnerability exists in how the AosService.rem service in FactoryTalk AssetCentre verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
CVE-2021-27466
A deserialization vulnerability exists in how the ArchiveService.rem service in FactoryTalk AssetCentre verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
CVE-2021-27470
A deserialization vulnerability exists in how the LogService.rem service in FactoryTalk AssetCentre verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
CVE-2021-27474
FactoryTalk AssetCentre does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre.
CVE-2021-27476
A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
CVE-2021-27472
A vulnerability exists in the RunSearch function of SearchService service, which may allow for the execution of remote unauthenticated arbitrary SQL statements.
CVE-2021-27468
The AosService.rem service exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.
CVE-2021-27464
The ArchiveService.rem service exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.
CVE-2021-27460
FactoryTalk AssetCentre components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines.
Impact
- Arbitrary command execution
- SQL injection
- Remote code execution
Affected Vendors
Rockwell Automation
Affected Products
FactoryTalk AssetCentre
v10.00 and earlier
Remediation
Refer to ICS advisory for the complete list of affected products and their respective patches.