← Back to CVE List

CVE-2023-46290

Published: 2023-10-27T19:15Z
Last Modified: 2024-11-21T08:28Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt