CVE-2024-21915:
Privilege escalation vulnerability in Rockwell Automation FactoryTalk Service Platform (FTSP) that could allow a malicious user with basic privileges to sign in and obtain FTSP Administrator privileges, potentially enabling reading and modification of sensitive data, data deletion, and system unavailability.
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.8High- Published Date:Feb 16, 2024
- CISA KEV Date:*No Data*
- Industries Affected:20
Threat Predictions
- EPSS Score:0.4
- EPSS Percentile:62%
Exploitability
- Score:2.8
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:LOW
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
Privilege escalation vulnerability in Rockwell Automation FactoryTalk Service Platform (FTSP) that could allow a malicious user with basic privileges to sign in and obtain FTSP Administrator privileges, potentially enabling reading and modification of sensitive data, data deletion, and system unavailability.
Overview
Rockwell Automation’s FactoryTalk Service Platform (FTSP) exposes a privilege escalation vulnerability in its web service functionality. A malicious actor with basic user privileges could authenticate and escalate to FTSP Administrator privileges, enabling unauthorized access to sensitive data, data manipulation, deletion, and potential service disruption. The vulnerability affects FTSP versions older than 2.74 and is rated as critical due to its network-based attack vector, lack of required user interaction, and the potential to fully compromise the system. The issue aligns with CWE-732: Incorrect Permission Assignment for Critical Resource.
Remediation
- Apply patch: Update FTSP to version 2.74 or later immediately.
- If patching is not feasible right away:
- Restrict network exposure of FTSP web services (firewall rules, access control lists, VPN isolation).
- Enforce strong authentication and principle of least privilege; disable or tightly control administrative access.
- Disable web service functionality if not required, or segment FTSP behind secure network controls.
- Implement and follow Rockwell Security Best Practices (link provided in advisory) to harden the environment.
- Enable and monitor auditing/logging for sign-ins and administrative actions; set up alerts for unusual or elevated access attempts.
- Validate configurations after remediation to ensure no elevation paths remain and confirm expected access controls.
- Verify remediation by testing access paths to FTSP administrative functions and confirming that privilege escalation is not possible from basic user accounts.
References
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
