Improper Authorization
CVE-2016-4531
Summary
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- LOW
- LOW
CWE-285 - Improper Authorization
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
References
Advisory Timeline
- Published