← back
CVE-2022-38743

CVE-2022-38743

CVSS 8.8 HIGHEPSS 1.3%CWE-284
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Oct 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · FactoryTalk VantagePoint

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043