CVE-2024-21915:Privilege escalation vulnerability in Rockwell Automation FactoryTalk Service Platform (FTSP) that could allow a malicious user with basic privileges to sign in and obtain FTSP Administrator privileges, potentially enabling reading and modification of sensitive data, data deletion, and system unavailability.

splash
Back

Description Preview

Rockwell Automation FactoryTalk Service Platform contains a network-exposed privilege escalation flaw via its web service functionality. If exploited, a user with only basic group privileges could sign into FTSP and elevate to the Administrator Group, enabling an attacker to read and modify sensitive data, delete data, and render the FTSP system unavailable. The issue affects FTSP versions prior to 2.74. It carries a CVSS v3.1 base score of 9.0 (CRITICAL) with attack vector over the network, no required user interaction, and a scope change indicating that the attacker’s actions could affect multiple resources. The root cause is categorized as CWE-732: Incorrect Permission Assignment for Critical Resource.

Overview

Rockwell Automation’s FactoryTalk Service Platform (FTSP) exposes a privilege escalation vulnerability in its web service functionality. A malicious actor with basic user privileges could authenticate and escalate to FTSP Administrator privileges, enabling unauthorized access to sensitive data, data manipulation, deletion, and potential service disruption. The vulnerability affects FTSP versions older than 2.74 and is rated as critical due to its network-based attack vector, lack of required user interaction, and the potential to fully compromise the system. The issue aligns with CWE-732: Incorrect Permission Assignment for Critical Resource.

Remediation

  • Apply patch: Update FTSP to version 2.74 or later immediately.
  • If patching is not feasible right away:
    • Restrict network exposure of FTSP web services (firewall rules, access control lists, VPN isolation).
    • Enforce strong authentication and principle of least privilege; disable or tightly control administrative access.
    • Disable web service functionality if not required, or segment FTSP behind secure network controls.
    • Implement and follow Rockwell Security Best Practices (link provided in advisory) to harden the environment.
    • Enable and monitor auditing/logging for sign-ins and administrative actions; set up alerts for unusual or elevated access attempts.
    • Validate configurations after remediation to ensure no elevation paths remain and confirm expected access controls.
  • Verify remediation by testing access paths to FTSP administrative functions and confirming that privilege escalation is not possible from basic user accounts.

References

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Low
    Manufacturing
  2. Transportation & Warehousing: Low
    Transportation & Warehousing
  3. Educational Services: Low
    Educational Services
  4. Utilities: Low
    Utilities
  5. Accommodation & Food Services: Low
    Accommodation & Food Services
  6. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  7. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  8. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  9. Construction: Low
    Construction
  10. Finance and Insurance: Low
    Finance and Insurance
  11. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  12. Information: Low
    Information
  13. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  14. Mining: Low
    Mining
  15. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  16. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  17. Public Administration: Low
    Public Administration
  18. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  19. Retail Trade: Low
    Retail Trade
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background