{
"data_version" : "4.0" ,
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"CVE_data_meta" : {
"ID" : "CVE-2024-6326" ,
"ASSIGNER" : "PSIRT@rockwellautomation.com" ,
"STATE" : "PUBLIC"
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk\u00ae System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which\u00a0temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-269 Improper Privilege Management" ,
"cweId" : "CWE-269"
}
]
}
]
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "Rockwell Automation" ,
"product" : {
"product_data" : [
{
"product_name" : "FactoryTalk\u00ae System Services (installed via FTPM)" ,
"version" : {
"version_data" : [
{
"version_affected" : "=" ,
"version_value" : "v6.40"
}
]
}
} ,
{
"product_name" : "FactoryTalk\u00ae Policy Manager (FTPM)" ,
"version" : {
"version_data" : [
{
"version_affected" : "=" ,
"version_value" : "v6.40"
}
]
}
}
]
}
}
]
}
} ,
"references" : {
"reference_data" : [
{
"url" : "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html" ,
"refsource" : "MISC" ,
"name" : "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html"
}
]
} ,
"generator" : {
"engine" : "Vulnogram 0.2.0"
} ,
"source" : {
"advisory" : "SD1678" ,
"discovery" : "INTERNAL"
} ,
"solution" : [
{
"lang" : "en" ,
"supportingMedia" : [
{
"base64" : false ,
"type" : "text/html" ,
"value" : "\n\n<p>Users using the affected software are encouraged to implement the following steps to invalidate the existing vulnerable private keys/digital certificates and regenerate new secure ones.</p><p><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">\u00b7&nbsp;&nbsp;&nbsp;Clear CIP Security configurations from devices and from FactoryTalk\u00ae Policy Manager</a></p><p>\u00b7&nbsp;&nbsp;&nbsp;Update FactoryTalk\u00ae System Services and FactoryTalk\u00ae Policy Manager to v6.40.01</p><p>\u00b7&nbsp;&nbsp;&nbsp;Redeploy CIP Security Policy</p><p>Detailed steps are below <b>(FactoryTalk System Services (FTSS) is updated through the installation of FactoryTalk Policy Manager (FTPM)</b></p><p>1)&nbsp;&nbsp;Remove deployed security policy from all devices using FactoryTalk\u00ae Policy Manager (FTPM):</p><p>a.&nbsp;&nbsp;&nbsp;Open FTPM.</p><p>b.&nbsp;&nbsp;&nbsp;Document all Zone\u2019s security settings and all Conduit\u2019s settings as you must re-create them after updating FTPM.</p><p>c.&nbsp;&nbsp;&nbsp;Change all devices port\u2019s Policies &gt; Zone values to the \u201cUnassigned\u201d Zone.</p><p>d.&nbsp;&nbsp;&nbsp;Delete all zones and conduits.</p><p>e.&nbsp;&nbsp;&nbsp;Deploy (CIP). Ensure that all endpoints were reset successfully.</p><p>f.&nbsp;&nbsp;&nbsp;[migrating from v6.40 only] Deploy (OPC UA). Ensure all endpoints were reset successfully.</p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;i.&nbsp;&nbsp;For any OPC UA clients, perform whatever steps are required by those clients to remove the previously applied certificates.</p><p>g.&nbsp;&nbsp;&nbsp;Close FTPM</p><p>2)&nbsp;&nbsp;Delete the \\FTSS_backup folder:</p><p>a.&nbsp;&nbsp;&nbsp;c:\\ProgramData\\Rockwell\\RNAServer\\Global\\RnaStore\\FTSS_Backup</p><p>3)&nbsp;&nbsp;Delete the \\keystore folder:</p><p>a.&nbsp;&nbsp;&nbsp;c:\\ProgramData\\Rockwell Automation\\FactoryTalk System Services\\keystore</p><p>4)&nbsp;&nbsp;Delete any backup copies of the \\keystore folder. They will be named the same as the \\keystore folder but with a suffix appended to it, like:</p><p>a.&nbsp;&nbsp;&nbsp;c:\\ProgramData\\Rockwell Automation\\FactoryTalk System Services\\keystore_source_2024_04_25_12_25_38_541566</p><p>5)&nbsp;&nbsp;Delete the PSKs.json file:</p><p>a.&nbsp;&nbsp;&nbsp;c:\\ProgramData\\Rockwell Automation\\FactoryTalk System Services\\PSKs.json</p><p>6)&nbsp;&nbsp;Delete any backup copies of the PSKs.json file. They will be named the same as the PSKs.json file but with a suffix appended to it, like:</p><p>a.&nbsp;&nbsp;&nbsp;c:\\ProgramData\\Rockwell Automation\\FactoryTalk System Services\\PSKs.json_source_2024_05_17_07_38_25_200356</p><p>7)&nbsp;&nbsp;Install FactoryTalk\u00ae Policy Manager version 6.40.01.</p><p>a.&nbsp;&nbsp;&nbsp;Restart the computer when prompted at the end of the install.</p><p>8)&nbsp;&nbsp;Open FTPM. FTPM will attempt to connect to the FactoryTalk\u00ae System Services web server before proceeding.</p><p>9)&nbsp;&nbsp;If FTPM could not successfully connect to FactoryTalk\u00ae System Services (FTSS), it is because the FTSS service hasn\u2019t started yet. It will eventually start or else you can start the FTSS service manually in Windows Services.</p><p>10)&nbsp;Re-create the original Zones.</p><p>11)&nbsp;Move the devices from the unassigned Zone back to their original zones.</p><p>12)&nbsp;Re-create the original Conduits.</p><p>13)&nbsp;Deploy (CIP endpoints).</p><p>14)&nbsp;[migrating from v6.40 only] Deploy (OPC UA endpoints).</p><p>a.&nbsp;&nbsp;&nbsp;For any OPC UA client endpoints, manually apply the newly generated certificates from this deploy.</p><p>Additionally, we encourage cust
}
] ,
"value" : "Users using the affected software are encouraged to implement the following steps to invalidate the existing vulnerable private keys/digital certificates and regenerate new secure ones.\n\n Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
]
}