What is the vulnerability ID for this cross site request forgery vulnerability?

The vulnerability ID for this cross site request forgery vulnerability is CVE-2023-2444.

What is the severity of CVE-2023-2444?

CVE-2023-2444 has a severity rating of 8.8 (high).

How does the cross site request forgery vulnerability in Rockwell Automation's FactoryTalk Vantagepoint work?

The vulnerability can be exploited if an attacker sends a malicious link to a computer on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link.

What version of FactoryTalk Vantagepoint is affected by this vulnerability?

FactoryTalk Vantagepoint up to version 8.40 is affected by this vulnerability.

How can I fix the cross site request forgery vulnerability in FactoryTalk Vantagepoint?

To fix the vulnerability, it is recommended to update FactoryTalk Vantagepoint to a version beyond 8.40.

Vulnerability/
CVE-2023-2444

high

8.8

CWE

352

11/5/2023

24/1/2025

CVE-2023-2444: CSRF

First published: Thu May 11 2023(Updated: )

A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks on the malicious link a cross site request forgery attack would be successful as well.

Credit: PSIRT@rockwellautomation.com

Affected Software	Affected Version	How to fix
Rockwellautomation Factorytalk Vantagepoint	<8.40

Remedy

Customers should upgrade to version 8.40 to fix the issue.

Never miss a vulnerability like this again

Reference Links

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139443

Frequently Asked Questions

What is the vulnerability ID for this cross site request forgery vulnerability?
The vulnerability ID for this cross site request forgery vulnerability is CVE-2023-2444.
What is the severity of CVE-2023-2444?
CVE-2023-2444 has a severity rating of 8.8 (high).
How does the cross site request forgery vulnerability in Rockwell Automation's FactoryTalk Vantagepoint work?
The vulnerability can be exploited if an attacker sends a malicious link to a computer on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link.
What version of FactoryTalk Vantagepoint is affected by this vulnerability?
FactoryTalk Vantagepoint up to version 8.40 is affected by this vulnerability.
How can I fix the cross site request forgery vulnerability in FactoryTalk Vantagepoint?
To fix the vulnerability, it is recommended to update FactoryTalk Vantagepoint to a version beyond 8.40.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/remedy
agent/author
agent/references
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/rockwellautomation
canonical/rockwellautomation factorytalk vantagepoint

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.