PT-2018-8291 · Rockwell Automation · Factorytalk Activation

Publicado

2018-05-11

Atualizado

2019-10-09

CVE-2017-6015

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Rockwell Automation FactoryTalk Activation versions prior to 4.01

Description The issue allows an attacker to potentially execute arbitrary code with elevated privileges on the system by exploiting ambiguous whitespace in file paths. This can be achieved by an authorized, but not privileged, local user.

Recommendations For versions prior to 4.01, upgrade to Version 4.01 or later to resolve the issue.

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-428CWE-74

Identificadores relacionados

CVE-2017-6015

Produtos afetados

Factorytalk Activation

PT-2018-8291 · Rockwell Automation · Factorytalk Activation

CVE-2017-6015

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5