CVE-2023-2778 HIGH

CVE-2023-2778: Rockwell Automation FactoryTalk Transaction Manager Vulnerable to Denial-Of-Service

Vendor Rockwell Automation
Product FactoryTalk Transaction Manager
Weakness CWE-400
Published June 13, 2023
Last update March 5, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS.

Key dates

02Disclosure timeline

June 13, 2023 CVE published
March 5, 2025 Record updated