What is CVE-2023-2639?

CVE-2023-2639 is a vulnerability in Rockwell Automation's FactoryTalk System Services that allows a threat actor to send malicious communication pretending to be a legitimate client.

What is the severity of CVE-2023-2639?

The severity of CVE-2023-2639 is medium, with a severity value of 4.7.

How does CVE-2023-2639 affect Rockwell Automation software?

CVE-2023-2639 affects Rockwell Automation's FactoryTalk Policy Manager and FactoryTalk System Services versions 6.11.0, allowing unauthorized communication from a threat actor.

How can I fix CVE-2023-2639?

To fix CVE-2023-2639, it is recommended to update Rockwell Automation's FactoryTalk Policy Manager and FactoryTalk System Services to a version that includes a fix, when available.

Where can I find more information about CVE-2023-2639?

You can find more information about CVE-2023-2639 at the following link: [https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683]

Vulnerability/
CVE-2023-2639

medium

4.7

CWE

346

13/6/2023

2/8/2024

CVE-2023-2639: Rockwell Automation FactoryTalk System Services Vulnerable to Sensitive Information Disclosure

First published: Tue Jun 13 2023(Updated: )

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat actor to craft a malicious website that, when visited, will send a malicious script that can connect to the local WebSocket endpoint and wait for events as if it was a valid client device. If successfully exploited, this would allow a threat actor to receive information including whether FactoryTalk Policy Manager is installed and potentially the entire security policy.

Credit: PSIRT@rockwellautomation.com

Affected Software	Affected Version	How to fix
Rockwellautomation Factorytalk Policy Manager	=6.11.0
Rockwellautomation Factorytalk System Services	=6.11.0

Remedy

Customers using the affected software are encouraged to apply the risk mitigations, if possible. * Upgrade to 6.30.00 https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx or later which has been patched to mitigate these issues.

Never miss a vulnerability like this again

Reference Links

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683

Frequently Asked Questions

What is CVE-2023-2639?
CVE-2023-2639 is a vulnerability in Rockwell Automation's FactoryTalk System Services that allows a threat actor to send malicious communication pretending to be a legitimate client.
What is the severity of CVE-2023-2639?
The severity of CVE-2023-2639 is medium, with a severity value of 4.7.
How does CVE-2023-2639 affect Rockwell Automation software?
CVE-2023-2639 affects Rockwell Automation's FactoryTalk Policy Manager and FactoryTalk System Services versions 6.11.0, allowing unauthorized communication from a threat actor.
How can I fix CVE-2023-2639?
To fix CVE-2023-2639, it is recommended to update Rockwell Automation's FactoryTalk Policy Manager and FactoryTalk System Services to a version that includes a fix, when available.
Where can I find more information about CVE-2023-2639?
You can find more information about CVE-2023-2639 at the following link: [https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683]

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/author
agent/weakness
agent/references
agent/title
agent/description
agent/tags
agent/last-modified-date
agent/first-publish-date
agent/event
vendor/rockwellautomation
canonical/rockwellautomation factorytalk policy manager
version/rockwellautomation factorytalk policy manager/6.11.0
canonical/rockwellautomation factorytalk system services
version/rockwellautomation factorytalk system services/6.11.0