{"api_version":"1","generated_at":"2026-04-23T15:12:31+00:00","cve":"CVE-2023-46289","urls":{"html":"https://cve.report/CVE-2023-46289","api":"https://cve.report/api/cve/CVE-2023-46289.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-46289","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-46289"},"summary":{"title":"CVE-2023-46289","description":"Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.","state":"PUBLIC","assigner":"PSIRT@rockwellautomation.com","published_at":"2023-10-27 19:15:00","updated_at":"2023-11-07 18:18:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167","name":"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167","refsource":"MISC","tags":[],"title":"Sign In","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-46289","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46289","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"46289","vulnerable":"1","versionEndIncluding":"13.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rockwellautomation","cpe5":"factorytalk_view","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"site_edition","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-46289","ASSIGNER":"PSIRT@rockwellautomation.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"\nRockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.\n\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Rockwell Automation","product":{"product_data":[{"product_name":"FactoryTalk® View Site Edition ","version":{"version_data":[{"version_affected":"=","version_value":"versions 11.0-13.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167","refsource":"MISC","name":"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"solution":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<ul><li>Install the patch that remediates the issue: <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140243\">BF29581 - Patch: External Service Interaction (HTTP), FactoryTalk View SE 11.0, 12.0 13.0</a>.</li></ul>"}],"value":"\n  *  Install the patch that remediates the issue:  BF29581 - Patch: External Service Interaction (HTTP), FactoryTalk View SE 11.0, 12.0 13.0 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140243 .\n\n\n"}],"credits":[{"lang":"en","value":"This vulnerability was found internally during routine testing."}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-10-27 19:15:00","lastModifiedDate":"2023-11-07 18:18:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:site_edition:*:*:*","versionStartIncluding":"11.0","versionEndIncluding":"13.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}