CVE-2023-2778: Rockwell Automation FactoryTalk Transaction Manager Vulnerable to Denial-Of-Service
First published: Tue Jun 13 2023(Updated: )
A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS.
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Factorytalk Transaction Manager | <=13.10 |
Remedy
Customers using the affected software are encouraged to apply the risk mitigations below, if possible. Additionally, we encourage our customers to implement our suggested security best practices to minimize the risk of the vulnerability. * Customers should follow the instructions in BF29042 - Patch: Multiple issues, FactoryTalk Transaction Manager 13.00/13.10 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138425 to install the patch to mitigate the issue.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-2778?
CVE-2023-2778 is a denial-of-service vulnerability in Rockwell Automation FactoryTalk Transaction Manager.
How does CVE-2023-2778 affect Rockwell Automation FactoryTalk Transaction Manager?
CVE-2023-2778 can be exploited by sending a modified packet to port 400, which could potentially crash or cause high CPU or memory usage in the application.
What is the severity of CVE-2023-2778?
CVE-2023-2778 has a severity rating of high with a CVSS score of 7.5.
How can CVE-2023-2778 be fixed?
To fix CVE-2023-2778, it is recommended to update Rockwell Automation FactoryTalk Transaction Manager to a version that addresses the vulnerability.
Where can I find more information about CVE-2023-2778?
More information about CVE-2023-2778 can be found at the following link: [https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139744](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139744)
- collector/nvd-index
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/title
- agent/remedy
- agent/weakness
- agent/first-publish-date
- agent/type
- agent/description
- agent/tags
- agent/event
- vendor/rockwellautomation
- canonical/rockwellautomation factorytalk transaction manager
- version/rockwellautomation factorytalk transaction manager/13.10