CVE-2022-3158
HIGH
Rockwell Automation FactoryTalk VantagePoint 8.0-8.31 - Authenticated SQL Injection
Title source: llm
Description
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30 and 8.31 are affected by an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.
References (1)
Core References
Permissions Required, Vendor Advisory
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043
Scores
CVSS v3
8.8
EPSS
0.0017
EPSS Percentile
37.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (5)
rockwellautomation/factorytalk_vantagepoint 8.0
rockwellautomation/factorytalk_vantagepoint 8.10
rockwellautomation/factorytalk_vantagepoint 8.20
rockwellautomation/factorytalk_vantagepoint 8.30
rockwellautomation/factorytalk_vantagepoint 8.31
Published
Oct 17, 2022
Tracked Since
Feb 18, 2026