Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-46290: Sign In

Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.

CVE
Open in Source
#vulnerability#web#windows#java#auth

JavaScript required

JavaScript is required. This web browser does not support JavaScript or JavaScript in this web browser is not enabled.

To find out if your web browser supports JavaScript or to enable JavaScript, see web browser help.

Related news

Rockwell's ICS Directive Comes as Critical Infrastructure Risk Peaks

Critical infrastructure is facing increasingly disruptive threats to physical processes, while thousands of devices are online with weak authentication and riddled with exploitable bugs.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE