CVE-2022-38743 Rockwell Automation VantagePoint versions 8.0 to 8.31 are vulnerable to an improper access control vulnerability.

If a user has the ability to execute SQL statements from their VantagePoint login, they could potentially exploit this vulnerability. This could allow the attacker to gain access to data or inject data into the back-end database. VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data. VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data. Cisco Unified Computing system versions prior to 8.0 are vulnerable to an improper access control vulnerability. A user with read-only privileges could potentially exploit this vulnerability. If successfully exploited, this could allow the attacker to gain access to data or inject data into the back-end database. This vulnerability has been assigned Common Vulnerability and Exposure number CVE-2018-0297. Cisco Unified Computing system versions 8.0 and 8.1 are vulnerable to an improper access

Disclosure Timeline

A vulnerability was identified in VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 and the FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data. Cisco Unified Computing system versions prior to 8.0 are vulnerable to an improper access control vulnerability and a user with read-only privileges could potentially exploit this vulnerability. If successfully exploited, this could allow the attacker to gain access to data or inject data into the back-end database. This vulnerability has been assigned Common Vulnerability and Exposure number CVE-2018-0297. VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability and the FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database if successfully exploited by a malicious user with write permissions for that account on that system version? The Cisco Unified Computing system versions prior to 8.0 are vulnerable to an improper access control vulnerability and a malicious user with read/write privilege for that account on those systems might be able to exploit this weakness depending on how they establish their credentials for that account?
The following tables provide timeline information about when Cisco Security Advisories were sent

What is the FactoryTalk VantagePoint?

The FactoryTalk VantagePoint is software that provides a single platform for all data management, processing, and analysis. Using the simple to use intuitive graphical user interface (GUI), users can create and maintain complete environments with powerful analytics capabilities. The FactoryTalk VantagePoint is used in manufacturing environments where there are multiple departments involved in the operation of a company's manufacturing process.

Timeline

Published on: 10/17/2022 21:15:00 UTC
Last modified on: 10/19/2022 17:55:00 UTC

References