Claroty researchers have discovered nine vulnerabilities impacting Rockwell Automation’s FactoryTalk AssetCentre – an ICS-specific backup solution. The vulnerabilities have been given the maximum CVSS v3 base score of 10.0.
Three of the discovered vulnerabilities are deserialization vulnerabilities that can allow an unauthenticated hacker to remotely access FactoryTalk AssetCentre and execute an arbitrary code in it.
One flaw tracked as CVE-2021-27460 may allow an unauthenticated attacker to get full access to the FactoryTalk AssetCentre main server and agent machines and remotely execute code.
To Read More: Helpnetsecurity