What is CVE-2021-27474?

CVE-2021-27474 is a critical-severity vulnerability in Rockwell Automation Factorytalk Assetcentre, classified under CWE-676. CVSS score: 10.0/10. Published 2022-03-23.

How severe is CVE-2021-27474?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Vulnerability in Rockwell Automation Factorytalk Assetcentre

CVE-2021-27474

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryT…

EPSS: 0.001 (26.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H.

Affected products

Rockwell Automation Factorytalk Assetcentre — versions unspecified

Weakness classification (CWE)

CWE-676

References

www.cisa.gov/uscert/ics/advisories/icsa-21-091-01 (x_refsource_CONFIRM)
idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-27474?: CVE-2021-27474 is a critical-severity vulnerability in Rockwell Automation Factorytalk Assetcentre, classified under CWE-676. CVSS score: 10.0/10. Published 2022-03-23.
How severe is CVE-2021-27474?: Critical severity. CVSS v3 base score is 10.0 out of 10.