CVE-2021-27470
DESERIALIZATION OF UNTRUSTED DATA CWE-502
A deserialization vulnerability exists in how the LogService.rem service in FactoryTalk AssetCentre verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
Read more: Critical Vulnerabilities Found in Rockwell FactoryTalk AssetCentre
Risk Information
- CVE ID
- CVE-2021-27470
- Vendor
- Rockwell Automation
- Product
- FactoryTalk AssetCentre
- CVSS v3
- 10