CVE-2021-27472 : Vulnerability Insights and Analysis

A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, allowing for the execution of remote unauthenticated arbitrary SQL statements. It has a CVSS base score of 10.0.

Understanding CVE-2021-27472

This CVE pertains to a critical SQL injection vulnerability in Rockwell Automation FactoryTalk AssetCentre.

What is CVE-2021-27472?

CVE-2021-27472 is a vulnerability in FactoryTalk AssetCentre that enables the execution of unauthorized SQL commands remotely.

The Impact of CVE-2021-27472

The impact of this vulnerability is classified as CRITICAL due to its potential for high confidentiality and availability impacts.

Technical Details of CVE-2021-27472

The vulnerability allows for the execution of remote unauthenticated arbitrary SQL statements.

Vulnerability Description

The RunSearch function in SearchService of FactoryTalk AssetCentre v10.00 and earlier is susceptible to SQL injection attacks.

Affected Systems and Versions

Rockwell Automation FactoryTalk AssetCentre versions up to and including v10.00 are affected by this vulnerability.

Exploitation Mechanism

The vulnerability can be exploited over the network with low attack complexity.

Mitigation and Prevention

To address CVE-2021-27472, Rockwell Automation recommends immediate software updates and additional security configurations.

Immediate Steps to Take

Users of affected versions should update to AssetCentre v11 or above. Additional security features within FactoryTalk AssetCentre can also be used to mitigate the risk.

Long-Term Security Practices

Implement the principle of least privilege, use trusted software, and restrict network exposure for control system devices.

Patching and Updates

Regularly apply software patches, use antivirus programs, and secure remote access with virtual private networks (VPNs).