CVE-2024-3640 - OpenCVE

An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.rockwellautomation.com/en-us/support/advisory.SD1671.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2024-05-16T15:25:28.558Z

Updated: 2024-08-01T20:20:00.578Z

Reserved: 2024-04-10T20:45:50.623Z

Link: CVE-2024-3640

Vulnrichment

Updated: 2024-08-01T20:20:00.578Z

NVD

Status : Awaiting Analysis

Published: 2024-05-16T16:15:10.477

Modified: 2024-05-17T18:36:31.297

Link: CVE-2024-3640

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3640", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2024-04-10T20:45:50.623Z", "datePublished": "2024-05-16T15:25:28.558Z", "dateUpdated": "2024-08-01T20:20:00.578Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FactoryTalk\u00ae Remote Access\u2122", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v13.5.0.174"}]}], "datePublic": "2024-05-16T15:14:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An unquoted executable path exists in the Rockwell Automation FactoryTalk\u00ae Remote Access\u2122 possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability. </span>\n\n"}], "value": "An unquoted executable path exists in the Rockwell Automation\u00a0FactoryTalk\u00ae Remote Access\u2122 possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability."}], "impacts": [{"capecId": "CAPEC-38", "descriptions": [{"lang": "en", "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-05-16T15:25:28.558Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1671.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<ul><li>Corrected in v13.6.</li></ul>"}], "value": "* Corrected in v13.6."}, {"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Users using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices below, where possible. </p><ul><li><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a> </p></li></ul>"}], "value": "Users using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices below, where possible. \n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"}], "source": {"discovery": "INTERNAL"}, "title": "Rockwell Automation FactoryTalk\u00ae Remote Access\u2122 has Unquoted Executables", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3640", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-16T17:57:33.825467Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:31:28.680Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:00.578Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1671.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1671.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:00.578Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3640", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-16T17:57:33.825467Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T14:23:21.973Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Rockwell Automation FactoryTalk\u00ae Remote Access\u2122 has Unquoted Executables", "source": {"discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-38", "descriptions": [{"lang": "en", "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rockwell Automation", "product": "FactoryTalk\u00ae Remote Access\u2122", "versions": [{"status": "affected", "version": "v13.5.0.174"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "* Corrected in v13.6.", "supportingMedia": [{"type": "text/html", "value": "<ul><li>Corrected in v13.6.</li></ul>", "base64": false}]}, {"lang": "en", "value": "Users using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices below, where possible. \n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>Users using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices below, where possible. </p><ul><li><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a> </p></li></ul>", "base64": false}]}], "datePublic": "2024-05-16T15:14:00.000Z", "references": [{"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1671.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An unquoted executable path exists in the Rockwell Automation\u00a0FactoryTalk\u00ae Remote Access\u2122 possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An unquoted executable path exists in the Rockwell Automation FactoryTalk\u00ae Remote Access\u2122 possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability. </span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-05-16T15:25:28.558Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3640", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:20:00.578Z", "dateReserved": "2024-04-10T20:45:50.623Z", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "datePublished": "2024-05-16T15:25:28.558Z", "assignerShortName": "Rockwell"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An unquoted executable path exists in the Rockwell Automation\u00a0FactoryTalk\u00ae Remote Access\u2122 possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability."}, {"lang": "es", "value": "Existe una ruta ejecutable sin comillas en Rockwell Automation FactoryTalk\u00ae Remote Access\u2122 que, si se explota, podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo. Mientras se ejecuta el paquete de instalaci\u00f3n de FTRA, la ruta del ejecutable no se cita correctamente, lo que podr\u00eda permitir que un actor de amenazas ingrese un ejecutable malicioso y lo ejecute como usuario del sistema. Un actor malicioso necesita privilegios de administrador para explotar esta vulnerabilidad."}], "id": "CVE-2024-3640", "lastModified": "2024-05-17T18:36:31.297", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2024-05-16T16:15:10.477", "references": [{"source": "PSIRT@rockwellautomation.com", "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1671.html"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}