Input Validation Vulnerability in Rockwell Automation FactoryTalk VantagePoint Allows Remote Code Execution

Input Validation Vulnerability in Rockwell Automation FactoryTalk VantagePoint Allows Remote Code Execution

CVE-2022-3158 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.