Claroty researchers have found and privately disclosed nine vulnerabilities affecting Rockwell Automation’s FactoryTalk AssetCentre, an ICS-specific backup solution. All of the vulnerabilities have been assigned the maximum (10.0) CVSS v3 base score and, by chaining some of them, an attacker could own a facility’s entire operational technology (OT) network and run commands on server agents and automation devices such as programmable logic controllers (PLCs), they warn.
Source: https://www.helpnetsecurity.com/2021/04/07/vulnerabilities-ics-specific-backup/