{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45824", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2024-09-09T19:33:02.444Z", "datePublished": "2024-09-12T14:05:22.202Z", "dateUpdated": "2024-09-12T15:07:31.980Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FactoryTalk View Site Edition", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "12.0-14.0"}]}], "datePublic": "2024-09-12T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><b><u>CVE-2024-45824 IMPACT</u></b></p>\n\n<p>A remote\ncode vulnerability exists in the affected products. The vulnerability occurs\nwhen chained with Path Traversal, Command Injection, and XSS Vulnerabilities\nand allows for full unauthenticated remote code execution. The link in the\nmitigations section below contains patches to fix this issue.</p>"}], "value": "CVE-2024-45824 IMPACT\n\n\n\nA remote\ncode vulnerability exists in the affected products. The vulnerability occurs\nwhen chained with Path Traversal, Command Injection, and XSS Vulnerabilities\nand allows for full unauthenticated remote code execution. The link in the\nmitigations section below contains patches to fix this issue."}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 9.2, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-09-12T14:05:22.202Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Navigate to\nthe following <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1151301\">link and apply patches</a>, directions are on the\nlink page (<a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1151301\">https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1151301</a>)<u></u></p>\n\n\n\n\n\n<br>"}], "value": "Navigate to\nthe following link and apply patches https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1151301 , directions are on the\nlink page ( https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1151301 )"}], "source": {"discovery": "INTERNAL"}, "title": "FactoryTalk\u00ae View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "rockwellautomation", "product": "factorytalk_view", "cpes": ["cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "12.0", "status": "affected", "lessThanOrEqual": "14.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T15:00:29.395196Z", "id": "CVE-2024-45824", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T15:07:31.980Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45824", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-12T15:00:29.395196Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "factorytalk_view", "versions": [{"status": "affected", "version": "12.0", "versionType": "custom", "lessThanOrEqual": "14.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T15:05:46.181Z"}}], "cna": {"title": "FactoryTalk\u00ae View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation", "source": {"discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rockwell Automation", "product": "FactoryTalk View Site Edition", "versions": [{"status": "affected", "version": "12.0-14.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Navigate to\nthe following link and apply patches https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1151301 , directions are on the\nlink page ( https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1151301 )", "supportingMedia": [{"type": "text/html", "value": "<p>Navigate to\nthe following <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1151301\">link and apply patches</a>, directions are on the\nlink page (<a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1151301\">https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1151301</a>)<u></u></p>\n\n\n\n\n\n<br>", "base64": false}]}], "datePublic": "2024-09-12T13:00:00.000Z", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "CVE-2024-45824 IMPACT\n\n\n\nA remote\ncode vulnerability exists in the affected products. The vulnerability occurs\nwhen chained with Path Traversal, Command Injection, and XSS Vulnerabilities\nand allows for full unauthenticated remote code execution. The link in the\nmitigations section below contains patches to fix this issue.", "supportingMedia": [{"type": "text/html", "value": "<p><b><u>CVE-2024-45824 IMPACT</u></b></p>\n\n<p>A remote\ncode vulnerability exists in the affected products. The vulnerability occurs\nwhen chained with Path Traversal, Command Injection, and XSS Vulnerabilities\nand allows for full unauthenticated remote code execution. The link in the\nmitigations section below contains patches to fix this issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-09-12T14:05:22.202Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45824", "state": "PUBLISHED", "dateUpdated": "2024-09-12T15:07:31.980Z", "dateReserved": "2024-09-09T19:33:02.444Z", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "datePublished": "2024-09-12T14:05:22.202Z", "assignerShortName": "Rockwell"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CVE-2024-45824 IMPACT\n\n\n\nA remote\ncode vulnerability exists in the affected products. The vulnerability occurs\nwhen chained with Path Traversal, Command Injection, and XSS Vulnerabilities\nand allows for full unauthenticated remote code execution. The link in the\nmitigations section below contains patches to fix this issue."}], "id": "CVE-2024-45824", "lastModified": "2024-09-12T18:14:03.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 9.2, "baseSeverity": "CRITICAL", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2024-09-12T14:16:06.953", "references": [{"source": "PSIRT@rockwellautomation.com", "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}

{}