Improper Access Control

CVE-2023-1834

High

9.4/10

Summary

Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: HIGH

CWE-284 - Improper Access Control

Listed 5th in the 'OWASP Top Ten', improper (or broken) access control attacks are a fundamental type of vulnerability. This includes a broad range of design flaws that enable users to act outside of their intended permissions. They can use these privileges to gain access to restricted files and functionality such as accessing restricted information, falsifying records, destroying data, or executing commands.

References

Advisory Timeline

Published May 11, 2023

Improper Access Control

CVE-2023-1834

Summary

CWE-284 - Improper Access Control

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS