Rockwell Automation FactoryTalk Services Platform (ICSA-20-170-04) – Product Used in the Water and Wastewater Sector

CISA has published an advisory on an improper input validation vulnerability Rockwell Automation FactoryTalk Services Platform. All versions of FactoryTalk Services Platform are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute remote COM objects with elevated privileges. Affected users are encouraged to use Rockwell Automation Knowledgebase article 25612 to determine if FactoryTalk Services Platform is installed. Those using the affected product are directed to implement a secure communication strategy as outlined in Rockwell Automation Knowledgebase article 109056. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.