Vulnerability-Lookup

CNVD-2025-00984

Vulnerability from cnvd - Published: 2025-01-15

Title

Rockwell Automation FactoryTalk Transaction Manager拒绝服务漏洞

Description

Rockwell Automation FactoryTalk Transaction Manager是美国罗克韦尔（Rockwell Automation）公司的一个用于保存数据库数据的控制系统。 Rockwell Automation FactoryTalk Transaction Manager处理400端口访问存在安全漏洞，远程攻击者可以利用该漏洞提交特殊的请求，可消耗大量cpu和内存资源，造成拒绝服务攻击。

Severity

高

Patch Name

Rockwell Automation FactoryTalk Transaction Manager拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139744

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-2778

Impacted products

Name
Rockwell Automation FactoryTalk Transaction Manager

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-2778",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-2778"
    }
  },
  "description": "Rockwell Automation FactoryTalk Transaction Manager\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u4fdd\u5b58\u6570\u636e\u5e93\u6570\u636e\u7684\u63a7\u5236\u7cfb\u7edf\u3002\n\nRockwell Automation FactoryTalk Transaction Manager\u5904\u7406400\u7aef\u53e3\u8bbf\u95ee\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u6d88\u8017\u5927\u91cfcpu\u548c\u5185\u5b58\u8d44\u6e90\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139744",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-00984",
  "openTime": "2025-01-15",
  "patchDescription": "Rockwell Automation FactoryTalk Transaction Manager\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u4fdd\u5b58\u6570\u636e\u5e93\u6570\u636e\u7684\u63a7\u5236\u7cfb\u7edf\u3002\r\n\r\nRockwell Automation FactoryTalk Transaction Manager\u5904\u7406400\u7aef\u53e3\u8bbf\u95ee\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u6d88\u8017\u5927\u91cfcpu\u548c\u5185\u5b58\u8d44\u6e90\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rockwell Automation FactoryTalk Transaction Manager\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Rockwell Automation FactoryTalk Transaction Manager"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-2778",
  "serverity": "\u9ad8",
  "submitTime": "2023-06-19",
  "title": "Rockwell Automation FactoryTalk Transaction Manager\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2023-2778 (GCVE-0-2023-2778)

Vulnerability from cvelistv5 – Published: 2023-06-13 20:35 – Updated: 2025-03-05 18:57

Title

Rockwell Automation FactoryTalk Transaction Manager Vulnerable to Denial-Of-Service

Summary

A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

Rockwell

References

URL

Tags

https://rockwellautomation.custhelp.com/app/answe…

Impacted products

	Vendor	Product	Version
	Rockwell Automation	FactoryTalk Transaction Manager	Affected: <=v13.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:33:05.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139744"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2778",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:39:13.617844Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:57:49.583Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FactoryTalk Transaction Manager",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=v13.10"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS.\u003c/span\u003e"
            }
          ],
          "value": "\nA denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-13T20:35:18.449Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139744"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers using the affected software are encouraged to apply the risk mitigations below, if possible. Additionally, we encourage our customers to implement our suggested security best practices to minimize the risk of the vulnerability.\u003c/span\u003e\u003cul\u003e\u003cli\u003eCustomers should follow the instructions in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138425\"\u003eBF29042 - Patch: Multiple issues, FactoryTalk Transaction Manager 13.00/13.10\u003c/a\u003e\u0026nbsp;to install the patch to mitigate the issue.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nCustomers using the affected software are encouraged to apply the risk mitigations below, if possible. Additionally, we encourage our customers to implement our suggested security best practices to minimize the risk of the vulnerability.  *  Customers should follow the instructions in  BF29042 - Patch: Multiple issues, FactoryTalk Transaction Manager 13.00/13.10 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138425 \u00a0to install the patch to mitigate the issue.\n\n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Rockwell Automation FactoryTalk Transaction Manager Vulnerable to Denial-Of-Service",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2023-2778",
    "datePublished": "2023-06-13T20:35:18.449Z",
    "dateReserved": "2023-05-17T18:40:49.427Z",
    "dateUpdated": "2025-03-05T18:57:49.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-00984

CVE-2023-2778 (GCVE-0-2023-2778)

Tags

Sightings

Nomenclature