PT-2024-6054 · Rockwell Automation · Rockwell Automation Factorytalk View Machine Edition

Published

2024-09-12

Updated

2024-09-16

CVE-2024-45824

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Rockwell Automation FactoryTalk View Site Edition (affected versions not specified)

Description A remote code vulnerability exists in the affected products. This issue can be exploited for full unauthenticated remote code execution when combined with other vulnerabilities such as Path Traversal, Command Injection, and XSS. The vulnerability may allow a remote attacker to execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2024-06876

CVE-2024-45824

Affected Products

Rockwell Automation Factorytalk View Machine Edition

PT-2024-6054 · Rockwell Automation · Rockwell Automation Factorytalk View Machine Edition

CVE-2024-45824

Weakness Enumeration

Related Identifiers

Affected Products

References · 13