A deserialization vulnerability in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier could allow a remote attacker to execute arbitrary commands, posing a critical risk with a CVSS base score of 10.
Understanding CVE-2021-27470
CVE-2021-27470 is a deserialization vulnerability in FactoryTalk AssetCentre that could allow remote, unauthenticated attackers to run arbitrary commands.
What is CVE-2021-27470?
This CVE describes a flaw in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre handles serialized data, which could allow remote attackers to execute malicious commands.
The Impact of CVE-2021-27470
The vulnerability allows unauthenticated attackers to exploit FactoryTalk AssetCentre, potentially leading to the execution of arbitrary commands and compromising system confidentiality.
Technical Details of CVE-2021-27470
The vulnerability is rated critical with a CVSS base score of 10 due to its low attack complexity, network-based attack vector, and high availability impact.
Vulnerability Description
The LogService.rem service in FactoryTalk AssetCentre fails to properly verify serialized data, enabling remote attackers to execute arbitrary commands.
Affected Systems and Versions
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier versions are impacted by this vulnerability.
Exploitation Mechanism
Remote, unauthenticated attackers can exploit this vulnerability to run arbitrary commands on affected FactoryTalk AssetCentre instances.
Mitigation and Prevention
To address CVE-2021-27470, Rockwell Automation recommends upgrading to AssetCentre v11 or above and implementing additional security measures.
Immediate Steps to Take
Users of the affected versions should update to AssetCentre v11 or higher. Additionally, consider implementing IPsec to minimize exposure to unauthorized clients.
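Until the upgrade is in place, one way to check whether unauthorized clients are reaching the service is to review the server's web access logs for requests to LogService.rem. The script below is an added example, not code from this page or from Rockwell Automation. It assumes the logs are in W3C extended format; the client allowlist, the sample log lines, and the URL path prefix are constructed placeholders.

```python
import ipaddress

# Assumption: hosts permitted to reach the AssetCentre server (constructed range).
AUTHORIZED_CLIENTS = [ipaddress.ip_network("10.20.0.0/28")]
ENDPOINT = "logservice.rem"  # service named in the advisory, compared case-insensitively

# Constructed W3C extended log sample; "/PLACEHOLDER/" stands in for the real path.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2021-04-02 08:15:01 10.20.0.5 POST /PLACEHOLDER/LogService.rem 200
2021-04-02 08:15:09 10.20.0.7 GET /PLACEHOLDER/Default.aspx 200
2021-04-02 08:16:44 192.0.2.77 POST /PLACEHOLDER/LogService.rem 500
2021-04-02 08:16:45 192.0.2.77 POST /placeholder/logservice.rem 500
2021-04-02 08:17:00 truncated-line
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def is_authorized(ip_text):
    """True only if the address parses and falls inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in AUTHORIZED_CLIENTS)

def unauthorized_hits(text):
    """Group requests to the LogService.rem endpoint by non-allowlisted client."""
    hits = {}
    for rec in parse_w3c(text):
        if not rec.get("cs-uri-stem", "").lower().endswith(ENDPOINT):
            continue
        client = rec.get("c-ip", "-")
        if not is_authorized(client):
            hits.setdefault(client, []).append(rec)
    return hits

if __name__ == "__main__":
    for client, recs in unauthorized_hits(SAMPLE_LOG).items():
        print(f"{client}: {len(recs)} request(s) to LogService.rem, "
              f"first seen {recs[0]['date']} {recs[0]['time']}")
```

Any client the script reports is a host that the IPsec or firewall policy should have kept away from the server.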
Long-Term Security Practices
Follow best practices like running software with minimal privileges, using trusted software and patches, and securing network devices behind firewalls.
Patching and Updates
Ensure all software is up-to-date, follow security guidance from Rockwell Automation, and consider using AppLocker or similar applications for risk mitigation.