CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.
History

Thu, 12 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation factorytalk View
CPEs cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:*:*:*:*
Vendors & Products Rockwellautomation
Rockwellautomation factorytalk View
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Sep 2024 14:15:00 +0000

Type Values Removed Values Added
Description CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.
Title FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation
Weaknesses CWE-77
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2024-09-12T14:05:22.202Z

Updated: 2024-09-12T15:07:31.980Z

Reserved: 2024-09-09T19:33:02.444Z

Link: CVE-2024-45824

cve-icon Vulnrichment

Updated: 2024-09-12T15:05:46.181Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-12T14:16:06.953

Modified: 2024-09-12T18:14:03.913

Link: CVE-2024-45824

cve-icon Redhat

No data.