Source |
CVE Liste |
Identifiant |
8401601 |
Date de publication |
2023-10-27 19:15:41 (vue: 2023-10-27 21:08:47) |
Titre |
CVE-2023-46290 |
Texte |
En raison d'une logique de code inadéquate, un acteur de menace auparavant non authentifié pourrait potentiellement obtenir un jeton utilisateur local du système d'exploitation Windows via FactoryTalk & acirc; & reg;Service Web Service Web, puis utilisez le jeton pour se connecter à FactoryTalk & acirc; & reg;Plateforme de services.Cette vulnérabilité ne peut être exploitée que si l'utilisateur autorisé ne se connectait pas auparavant à FactoryTalk & Acirc; & Reg;Service Web de plateforme de services.
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service. |
Envoyé |
Oui |
Condensat |
2023 46290 actor authorized can code could cve did due exploited factorytalkâ® inadequate local log logic not obtain only platform potentially previously service services then threat through token unauthenticated use user vulnerability web windows |
Tags |
Vulnerability
Threat
|
Stories |
|
Notes |
|
Move |
|