Remote Unauthenticated SQL Injection Vulnerability in Rockwell Automation FactoryTalk AssetCentre

Remote Unauthenticated SQL Injection Vulnerability in Rockwell Automation FactoryTalk AssetCentre

CVE-2021-27472 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.