CVE-2024-45823 IMPACT

An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.

Fixes

Solution

Upgrade to v3.00.00


Workaround

No workaround given by the vendor.

History

Wed, 02 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:rockwellautomation:factorytalk_batch_view:2.01.00:*:*:*:*:*:*:*

Thu, 12 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation factorytalk Batch View
CPEs cpe:2.3:a:rockwellautomation:factorytalk_batch_view:*:*:*:*:*:*:*:*
Vendors & Products Rockwellautomation
Rockwellautomation factorytalk Batch View
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Description CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.
Title FactoryTalk® Batch View™ Authentication Bypass Vulnerability via shared secrets
Weaknesses CWE-287
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Rockwell

Published:

Updated: 2024-09-12T15:09:32.171Z

Reserved: 2024-09-09T19:33:02.444Z

Link: CVE-2024-45823

Vulnrichment

Updated: 2024-09-12T15:09:28.815Z

NVD

Status: Analyzed

Published: 2024-09-12T15:18:22.547

Modified: 2024-10-02T14:49:59.157

Link: CVE-2024-45823

Redhat

No data.

OpenCVE Enrichment

No data.