Skip to main content

Factorytalk View CVE-2024-45824

CRITICAL
Command Injection (CWE-77)
2024-09-12 PSIRT@rockwellautomation.com
9.2
CVSS 4.0 · Vendor: rockwellautomation
Share

Severity by source

Vendor (rockwellautomation) PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (rockwellautomation) · only source for this CVE.

CVSS VectorVendor: rockwellautomation

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Sep 12, 2024 - 14:16 cve.org
CRITICAL 9.2

DescriptionCVE.org

CVE-2024-45824 IMPACT

A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.

AnalysisAI

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue. Affected products include: Rockwellautomation Factorytalk View.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2020-12028 HIGH POC
8.1 Jul 20

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to int

CVE-2020-12029 HIGH POC
7.8 Jul 20

All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. Rated high s

CVE-2020-12027 MEDIUM POC
4.3 Jul 20

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. Rated med

CVE-2023-2071 CRITICAL
9.8 Sep 12

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allo

CVE-2024-4609 HIGH
8.8 May 16

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor

CVE-2024-7513 HIGH
8.5 Aug 14

CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. Rated high severity (CVSS 8.5), this

CVE-2024-37369 HIGH
8.5 Jun 14

A privilege escalation vulnerability exists in the affected product. Rated high severity (CVSS 8.5), this vulnerability

CVE-2024-37368 HIGH
8.2 Jun 14

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. Rated high severity (CVSS 8.

CVE-2024-37367 HIGH
8.2 Jun 14

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. Rated high severity (CVS

CVE-2020-12031 HIGH
7.8 Jul 20

In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a lo

CVE-2023-46289 HIGH
7.5 Oct 27

Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow thr

CVE-2024-37365 HIGH
7.0 Nov 12

A remote code execution vulnerability exists in the affected product. Rated high severity (CVSS 7.0), this vulnerability

Share

CVE-2024-45824 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy