CVE-2022-3158 in FactoryTalk VantagePoint

Summary

by MITRE • 10/18/2022

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.


Analysis

by VulDB Data Team • 05/15/2025

CVE-2022-3158 affects Rockwell Automation FactoryTalk VantagePoint versions 8.0 through 8.31. It is a critical input validation flaw that undermines the security posture of industrial control systems. The flaw resides in the SQL Server component of the FactoryTalk VantagePoint platform, which serves as a central hub for industrial automation and monitoring. The affected system operates in industrial environments where operational technology (OT) systems manage critical infrastructure, which makes the implications particularly severe for organizations that rely on these platforms for manufacturing and process control operations.

The technical flaw is insufficient input validation in the SQL Server interface of FactoryTalk VantagePoint, where user-provided SQL statements are processed without adequate sanitization or validation. The weakness is classified as CWE-89 (SQL injection) and maps to ATT&CK technique T1190 (Exploit Public-Facing Application). Without proper input validation, maliciously crafted SQL queries can be executed directly against the back-end database, bypassing normal authentication and authorization controls. Attackers can leverage this weakness to manipulate database queries and potentially escalate privileges within the system.

The operational impact of this vulnerability extends beyond simple data manipulation, as successful exploitation could enable remote code execution on the affected server with the privileges of the database user. This capability allows attackers to execute arbitrary commands on the system, potentially leading to full system compromise and unauthorized access to critical industrial processes. The vulnerability affects organizations operating in sectors such as manufacturing, oil and gas, power generation, and other industrial environments where FactoryTalk VantagePoint is deployed for process monitoring and control. The remote execution capability means that attackers do not require physical access to the industrial network, making the system vulnerable to attacks from external threat actors.

Organizations should implement immediate mitigations including applying the latest security patches provided by Rockwell Automation, implementing network segmentation to isolate the FactoryTalk VantagePoint systems, and restricting database access privileges to the minimum required for operational functions. Additional protective measures include implementing database activity monitoring, deploying web application firewalls, and conducting regular security assessments of industrial control systems. The vulnerability demonstrates the critical importance of input validation in industrial control systems and highlights the need for robust security practices in operational technology environments. Organizations should also consider implementing zero-trust network architectures and regular vulnerability assessments to identify and remediate similar weaknesses in their industrial control system infrastructure.

Reservation: 09/07/2022

Disclosure: 10/18/2022

Moderation: accepted

CPE: ready

EPSS: 0.00168

KEV: no

Activities: very low
