CVE-2024-21917: Rockwell Automation FactoryTalk® Service Platform Service Token Vulnerability
First published: Wed Jan 31 2024(Updated: )
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwell Automation FactoryTalk Services Platform | <=6.31.00 |
Remedy
Customers using Rockwell Automation FactoryTalk® Service Platform are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability. * Update to v6.40 or later. * Set DCOM authentication level to 6, Mitigating Microsoft DCOM Hardening Patch (CVE-2021-26414) for Affected Rockwell Automation Products (custhelp.com) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1134040 * When it is not possible to update to v6.40 or later, enable verification of the publisher information (i.e., digital signature) of any executable attempting to use the FactoryTalk® Services APIs. This helps prevent a malicious user from calling the API to receive the service token. This setting can be changed from the Application Authorization node located within System Policies using the FactoryTalk® Administration Console application. * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-21917?
CVE-2024-21917 is classified as a critical severity vulnerability due to the potential for unauthorized access via service token exploitation.
How do I fix CVE-2024-21917?
To mitigate CVE-2024-21917, users should apply the latest security patches provided by Rockwell Automation for FactoryTalk Services Platform.
What is the impact of CVE-2024-21917?
The impact of CVE-2024-21917 allows a malicious user to gain unauthorized authentication access across FTSP directories.
Who is affected by CVE-2024-21917?
CVE-2024-21917 affects users of Rockwell Automation FactoryTalk® Service Platform versions up to 6.31.00.
Is there a workaround for CVE-2024-21917?
Currently, disabling the affected services temporarily can act as a workaround until the official patches are applied.
- agent/remedy
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/severity
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/rockwellautomation
- canonical/rockwell automation factorytalk services platform
- version/rockwell automation factorytalk services platform/6.31.00