CVE-2021-32960

HIGH

Rockwellautomation Factorytalk Services Platform < 6.11.00 - Incorrect Authorization

Title source: rule

Description

Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine.

References (2)

[Permissions Required, Vendor Advisory] https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131785

[Mitigation, Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-21-161-01

Scores

CVSS v3 8.5

EPSS 0.0004

EPSS Percentile 10.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-693 CWE-863

Status published

Affected Products (1)

rockwellautomation/factorytalk_services_platform < 6.11.00

Timeline

Published Apr 01, 2022

Tracked Since Feb 18, 2026