CVE-2017-6015 - OpenCVE

Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rockwellautomation	Factorytalk Activation

Configuration 1 [-]

cpe:2.3:a:rockwellautomation:factorytalk_activation:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/96996
https://ics-cert.us-cert.gov/advisories/ICSA-17-047-02
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/939382

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-05-11T13:00:00Z

Updated: 2024-09-16T21:07:54.228Z

Reserved: 2017-02-16T00:00:00

Link: CVE-2017-6015

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-05-11T13:29:00.297

Modified: 2019-10-09T23:28:33.370

Link: CVE-2017-6015

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "FactoryTalk Activation", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "FactoryTalk Activation Service, Version 4.00.02 and prior versions."}]}], "datePublic": "2017-03-21T00:00:00", "descriptions": [{"lang": "en", "value": "Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "Unquoted search path or element CWE-428", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-05-12T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "96996", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96996"}, {"tags": ["x_refsource_MISC"], "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/939382"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-047-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2017-03-21T00:00:00", "ID": "CVE-2017-6015", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FactoryTalk Activation", "version": {"version_data": [{"version_value": "FactoryTalk Activation Service, Version 4.00.02 and prior versions."}]}}]}, "vendor_name": "Rockwell Automation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Unquoted search path or element CWE-428"}]}]}, "references": {"reference_data": [{"name": "96996", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96996"}, {"name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/939382", "refsource": "MISC", "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/939382"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-047-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-047-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:18:49.328Z"}, "title": "CVE Program Container", "references": [{"name": "96996", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96996"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/939382"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-047-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-6015", "datePublished": "2018-05-11T13:00:00Z", "dateReserved": "2017-02-16T00:00:00", "dateUpdated": "2024-09-16T21:07:54.228Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_activation:*:*:*:*:*:*:*:*", "matchCriteriaId": "175856ED-7BC9-459A-B3C5-E71CC791DA1E", "versionEndIncluding": "4.00.02", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later."}, {"lang": "es", "value": "Sin comillas, cualquier espacio en blanco en la ruta de archivo de Rockwell Automation FactoryTalk Activation 4.00.02 se mantiene ambiguo. Esto puede permitir que un atacante vincule o ejecute un archivo malicioso. Esto puede permitir que un usuario local autorizado sin privilegios ejecute c\u00f3digo arbitrario con privilegios elevados en el sistema. Puntuaci\u00f3n base de CVSS v3: 8.8, cadena de vector CVSS: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation ha lanzado una nueva versi\u00f3n de FactoryTalk Activation, versi\u00f3n 4.01, que aborda esta vulnerabilidad identificada. Rockwell Automation recomienda actualizar a la \u00faltima versi\u00f3n de FactoryTalk Activation, la 4.01 o posteriores."}], "id": "CVE-2017-6015", "lastModified": "2019-10-09T23:28:33.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-11T13:29:00.297", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96996"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-047-02"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/939382"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-428"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}