ID

VAR-202306-1263


CVE

CVE-2023-2778


TITLE

Rockwell Automation FactoryTalk Transaction Manager Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-00984

DESCRIPTION

A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS. Remote attackers can exploit this vulnerability by submitting special requests that consume a large amount of CPU and memory resources, causing a denial of service.

Trust: 1.53

sources: NVD: CVE-2023-2778 // CNVD: CNVD-2025-00984 // VULMON: CVE-2023-2778

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-00984

AFFECTED PRODUCTS

vendor: rockwellautomation, model: factorytalk transaction manager, scope: lte, version: 13.10

Trust: 1.0

vendor: rockwell, model: automation factorytalk transaction manager, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-00984 // NVD: CVE-2023-2778

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-2778
value: HIGH

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2023-2778
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-00984
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202306-1028
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-00984
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-2778
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2025-00984 // CNNVD: CNNVD-202306-1028 // NVD: CVE-2023-2778 // NVD: CVE-2023-2778

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

sources: NVD: CVE-2023-2778

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-1028

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202306-1028

PATCH

title: Patch for Rockwell Automation FactoryTalk Transaction Manager Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/649961

Trust: 0.6

title: Rockwell Automation FactoryTalk Transaction Manager Remediation of resource management error vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=243029

Trust: 0.6

sources: CNVD: CNVD-2025-00984 // CNNVD: CNNVD-202306-1028

EXTERNAL IDS

db: NVD, id: CVE-2023-2778

Trust: 2.3

db: CNVD, id: CNVD-2025-00984

Trust: 0.6

db: CNNVD, id: CNNVD-202306-1028

Trust: 0.6

db: VULMON, id: CVE-2023-2778

Trust: 0.1

sources: CNVD: CNVD-2025-00984 // VULMON: CVE-2023-2778 // CNNVD: CNNVD-202306-1028 // NVD: CVE-2023-2778

REFERENCES

url: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139744

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2023-2778

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2023-2778/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2025-00984 // VULMON: CVE-2023-2778 // CNNVD: CNNVD-202306-1028 // NVD: CVE-2023-2778

SOURCES

db: CNVD, id: CNVD-2025-00984
db: VULMON, id: CVE-2023-2778
db: CNNVD, id: CNNVD-202306-1028
db: NVD, id: CVE-2023-2778

LAST UPDATE DATE

2025-01-24T23:02:02.582000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-00984, date: 2025-01-13T00:00:00
db: VULMON, id: CVE-2023-2778, date: 2023-06-13T00:00:00
db: CNNVD, id: CNNVD-202306-1028, date: 2023-06-27T00:00:00
db: NVD, id: CVE-2023-2778, date: 2023-06-26T14:05:00.940

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-00984, date: 2025-01-08T00:00:00
db: VULMON, id: CVE-2023-2778, date: 2023-06-13T00:00:00
db: CNNVD, id: CNNVD-202306-1028, date: 2023-06-13T00:00:00
db: NVD, id: CVE-2023-2778, date: 2023-06-13T21:15:10.103