CVE-2022-38743
HIGHRockwell Automation FactoryTalk VantagePoint <8.31 - Privilege Esca...
Title source: llmDescription
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data.
References (1)
Core 1
Core References
Permissions Required, Vendor Advisory
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043
Scores
CVSS v3
8.8
EPSS
0.0010
EPSS Percentile
27.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (5)
rockwellautomation/factorytalk_vantagepoint
8.0
rockwellautomation/factorytalk_vantagepoint
8.10
rockwellautomation/factorytalk_vantagepoint
8.20
rockwellautomation/factorytalk_vantagepoint
8.30
rockwellautomation/factorytalk_vantagepoint
8.31
Published
Oct 17, 2022
Tracked Since
Feb 18, 2026