CVE-2021-27462

DESERIALIZATION OF UNTRUSTED DATA CWE-502
A deserialization vulnerability exists in how the AosService.rem service in FactoryTalk AssetCentre verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.

Read more: Critical Vulnerabilities Found in Rockwell FactoryTalk AssetCentre

Risk Information

  • CVE ID: CVE-2021-27462
  • Vendor: Rockwell Automation
  • Product: FactoryTalk AssetCentre
  • CVSS v3: 10