CVE-2021-27468 : Security Advisory and Response
Learn about CVE-2021-27468, a critical SQL injection vulnerability in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, allowing remote attackers to execute arbitrary SQL statements. Find mitigation strategies and immediate steps to secure your systems.
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier are affected by a SQL injection vulnerability that allows remote, unauthenticated attackers to execute arbitrary SQL statements. This can lead to unauthorized access and potential data compromise. Read on to understand the impact, technical details, and mitigation strategies for CVE-2021-27468.
Understanding CVE-2021-27468
FactoryTalk AssetCentre is a product of Rockwell Automation. The vulnerability in version 10.00 and earlier exposes functions lacking proper authentication, potentially enabling attackers to exploit this weakness.
What is CVE-2021-27468?
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. As a result, a remote, unauthenticated attacker can execute arbitrary SQL statements, posing a significant security risk.
The Impact of CVE-2021-27468
The vulnerability's CVSS base score of 10 classifies it as critical. With high impacts on availability and confidentiality, this flaw can allow malicious actors to compromise sensitive data and disrupt operations without requiring any user interaction.
Technical Details of CVE-2021-27468
Vulnerability Description
The SQL injection vulnerability in the AosService.rem service of FactoryTalk AssetCentre allows remote attackers to execute arbitrary SQL commands, potentially gaining unauthorized access to the system and its data.
Affected Systems and Versions
Rockwell Automation FactoryTalk AssetCentre versions up to v10.00 are susceptible to this security flaw, leaving them open to exploitation by threat actors seeking to manipulate SQL queries.
Exploitation Mechanism
The vulnerability arises from inadequate authentication controls within the service, enabling remote attackers to craft and execute malicious SQL queries, leading to data breaches and system compromise.
Mitigation and Prevention
To address CVE-2021-27468 and enhance security posture, users and administrators are advised to take immediate steps and adopt long-term security practices.
Immediate Steps to Take
- Update to AssetCentre v11 or above to mitigate the vulnerability.
- Utilize built-in security features within FactoryTalk AssetCentre if upgrading is not feasible.
Long-Term Security Practices
- Operate software as a User to minimize the impact of malicious code.
- Implement least-privilege user principles to restrict access to shared resources.
- Deploy firewalls to isolate control system networks and devices.
- Utilize virtual private networks (VPNs) for secure remote access.
Patching and Updates
Stay informed about security patches and updates from Rockwell Automation to safeguard against known vulnerabilities and enhance system resilience.