Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier is affected by a vulnerability that allows remote, unauthenticated attackers to modify sensitive data. The vulnerability stems from improper restrictions on functions related to IIS remoting services.
Understanding CVE-2021-27474
This CVE pertains to a critical vulnerability in Rockwell Automation FactoryTalk AssetCentre that can result in unauthorized data modification by remote attackers.
What is CVE-2021-27474?
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier lacks proper function restrictions related to IIS remoting services. This allows attackers to tamper with critical data, posing a significant risk to affected systems.
The Impact of CVE-2021-27474
The vulnerability has a CVSS base score of 10.0, indicating critical severity. Confidentiality impact and availability impact are both rated high, and exploitation requires no privileges.
Technical Details of CVE-2021-27474
Vulnerability Description
The vulnerability in FactoryTalk AssetCentre allows remote, unauthenticated attackers to modify sensitive data due to inadequate restrictions on IIS remoting services.
Affected Systems and Versions
The affected product is FactoryTalk AssetCentre by Rockwell Automation, specifically versions up to v10.00.
Exploitation Mechanism
The vulnerability can be exploited over the network with low attack complexity, requiring no user interaction and no privileges.
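The metrics stated above (network attack vector, low complexity, no privileges, no user interaction, high confidentiality and availability impact) can be checked against the 10.0 base score. The following is an added example, not part of the original advisory; it assumes CVSS v3.1 (the page names no version) and enumerates the Scope and Integrity values the page does not state.

```python
# Added example: CVSS v3.1 base-score formula (version is an assumption).
import itertools
import math

# Metric weights from the CVSS v3.1 specification.
AV_NETWORK, AC_LOW, PR_NONE, UI_NONE = 0.85, 0.77, 0.85, 0.85
CIA = {"N": 0.0, "L": 0.22, "H": 0.56}


def roundup(x):
    """Spec-defined rounding: smallest one-decimal value >= x, float-safe."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0


def base_score(scope, c, i, a):
    """Base score for AV:N/AC:L/PR:N/UI:N with the given Scope and C/I/A ratings."""
    iss = 1 - (1 - CIA[c]) * (1 - CIA[i]) * (1 - CIA[a])
    if scope == "C":  # Scope: Changed
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:             # Scope: Unchanged
        impact = 6.42 * iss
    if impact <= 0:
        return 0.0
    exploitability = 8.22 * AV_NETWORK * AC_LOW * PR_NONE * UI_NONE
    total = impact + exploitability
    if scope == "C":
        total *= 1.08
    return roundup(min(total, 10))


def candidates(stated_score=10.0, c="H", a="H"):
    """Try every Scope/Integrity pair (the metrics the page leaves out) and
    return those that reproduce the stated base score."""
    return [(s, i) for s, i in itertools.product("UC", "NLH")
            if base_score(s, c, i, a) == stated_score]


if __name__ == "__main__":
    for s, i in itertools.product("UC", "NLH"):
        print(f"S:{s} I:{i} -> {base_score(s, 'H', i, 'H')}")
    print("consistent with 10.0:", candidates())
```

With Scope: Unchanged the stated metrics top out at 9.8, so a 10.0 score implies Scope: Changed; the score alone does not determine the integrity rating.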
Mitigation and Prevention
Immediate Steps to Take
Users of impacted versions are strongly advised to update to FactoryTalk AssetCentre v11 or above to address the vulnerability. Additional mitigation involves utilizing built-in security features within FactoryTalk AssetCentre and following Rockwell Automation's guidance.
Long-Term Security Practices
To bolster security in the long term, users should adhere to the software/PC-based mitigation strategies recommended by Rockwell Automation: use trusted software, apply patches regularly, and minimize network exposure for control system devices.
Patching and Updates
Regularly update FactoryTalk AssetCentre to the latest version available. Implement security practices such as running software as a User, leveraging AppLocker, and following the principle of least privilege.