A remote code execution vulnerability exists in the affected
product. The vulnerability allows users to save projects within the public
directory allowing anyone with local access to modify and/or delete files. Additionally,
a malicious user could potentially leverage this vulnerability to escalate
their privileges by changing the macro to execute arbitrary code.
product. The vulnerability allows users to save projects within the public
directory allowing anyone with local access to modify and/or delete files. Additionally,
a malicious user could potentially leverage this vulnerability to escalate
their privileges by changing the macro to execute arbitrary code.
Metrics
Affected Vendors & Products
References
History
Tue, 12 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Rockwellautomation
Rockwellautomation factorytalk View Machine Edition |
|
CPEs | cpe:2.3:a:rockwellautomation:factorytalk_view_machine_edition:*:*:*:*:*:*:*:* | |
Vendors & Products |
Rockwellautomation
Rockwellautomation factorytalk View Machine Edition |
|
Metrics |
ssvc
|
Tue, 12 Nov 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code. | |
Title | FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path | |
Weaknesses | CWE-20 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Rockwell
Published:
Updated: 2024-11-12T19:04:00.897Z
Reserved: 2024-06-06T20:18:27.551Z
Link: CVE-2024-37365

Updated: 2024-11-12T19:03:55.651Z

Status : Awaiting Analysis
Published: 2024-11-12T15:15:08.923
Modified: 2024-11-12T15:48:59.103
Link: CVE-2024-37365

No data.

No data.