Rockwell.FactoryTalk.RNADiagnosticsSrv.Insecure.Deserialization
Description
This indicates an attack attempt to exploit an Insecure Deserialization Vulnerability in Rockwell Automation FactoryTalk Diagnostics.
This vulnerability is due to insufficient validation of serialized data sent to RNADiagnosticsSrv endpoint. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted serialized object to the target server. Successful exploitation can result in result in arbitrary code execution under the security context of the SYSTEM.
Affected Products
Rockwell Automation FactoryTalk Diagnostics .
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.us-cert.gov/ics/advisories/icsa-20-051-02
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |