Vulnerabilites related to Rockwell Automation - FactoryTalk View Machine Edition
cve-2024-37365
Vulnerability from cvelistv5
Published
2024-11-12 14:52
Modified
2024-11-12 19:04
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.0 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A remote code execution vulnerability exists in the affected
product. The vulnerability allows users to save projects within the public
directory allowing anyone with local access to modify and/or delete files. Additionally,
a malicious user could potentially leverage this vulnerability to escalate
their privileges by changing the macro to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | FactoryTalk View Machine Edition |
Version: >=V14 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:rockwellautomation:factorytalk_view_machine_edition:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "factorytalk_view_machine_edition", vendor: "rockwellautomation", versions: [ { lessThanOrEqual: "v14", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-37365", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T19:02:19.102188Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T19:04:00.897Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FactoryTalk View Machine Edition", vendor: "Rockwell Automation", versions: [ { status: "affected", version: ">=V14", }, ], }, ], datePublic: "2024-11-12T14:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>A remote code execution vulnerability exists in the affected\nproduct. The vulnerability allows users to save projects within the public\ndirectory allowing anyone with local access to modify and/or delete files. Additionally,\na malicious user could potentially leverage this vulnerability to escalate\ntheir privileges by changing the macro to execute arbitrary code. </p>", }, ], value: "A remote code execution vulnerability exists in the affected\nproduct. The vulnerability allows users to save projects within the public\ndirectory allowing anyone with local access to modify and/or delete files. Additionally,\na malicious user could potentially leverage this vulnerability to escalate\ntheir privileges by changing the macro to execute arbitrary code.", }, ], impacts: [ { capecId: "CAPEC-242", descriptions: [ { lang: "en", value: "CAPEC-242 Code Injection", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "LOCAL", baseScore: 7, baseSeverity: "HIGH", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "PASSIVE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-12T14:52:55.556Z", orgId: "b73dd486-f505-4403-b634-40b078b177f0", shortName: "Rockwell", }, references: [ { url: "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1709.html", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Upgrade to Version 15", }, ], value: "Upgrade to Version 15", }, ], source: { discovery: "INTERNAL", }, title: "FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<br><p>· \nTo enhance security and\nprevent unauthorized modifications to HMI project files, harden the Windows OS\nby removing the <b>INTERACTIVE</b> group from the folder’s\nsecurity properties.</p>\n\n<p>· \nAdd specific users or user\ngroups and assign their permissions to this folder using the least privileges\nprinciple. Users with read-only permission can still test run and run the\nFactoryTalk View ME Station.</p>\n\n<p>· \nGuidance can be found in\nFactoryTalk View ME v14 Help topic: “HMI projects folder settings”. It can be opened through\nFactoryTalk View ME Studio menu “help\\Contents\\FactoryTalk View ME Help\\Create\na Machine Edition application->Open applications->HMI project folder settings”. <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security\nBest Practices</a></p>\n\n\n\n\n\n<br>", }, ], value: "· \nTo enhance security and\nprevent unauthorized modifications to HMI project files, harden the Windows OS\nby removing the INTERACTIVE group from the folder’s\nsecurity properties.\n\n\n\n· \nAdd specific users or user\ngroups and assign their permissions to this folder using the least privileges\nprinciple. Users with read-only permission can still test run and run the\nFactoryTalk View ME Station.\n\n\n\n· \nGuidance can be found in\nFactoryTalk View ME v14 Help topic: “HMI projects folder settings”. It can be opened through\nFactoryTalk View ME Studio menu “help\\Contents\\FactoryTalk View ME Help\\Create\na Machine Edition application->Open applications->HMI project folder settings”. Security\nBest Practices", }, ], x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "b73dd486-f505-4403-b634-40b078b177f0", assignerShortName: "Rockwell", cveId: "CVE-2024-37365", datePublished: "2024-11-12T14:52:55.556Z", dateReserved: "2024-06-06T20:18:27.551Z", dateUpdated: "2024-11-12T19:04:00.897Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24479
Vulnerability from cvelistv5
Published
2025-01-28 18:52
Modified
2025-02-12 20:01
Severity ?
EPSS score ?
Summary
A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher privileged user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | FactoryTalk View Machine Edition |
Version: <V15 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24479", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T19:01:40.776252Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T20:01:10.925Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FactoryTalk View Machine Edition", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "<V15", }, ], }, ], datePublic: "2025-01-28T14:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher privileged user.</span>\n\n<br>", }, ], value: "A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher privileged user.", }, ], impacts: [ { capecId: "CAPEC-108", descriptions: [ { lang: "en", value: "CAPEC-108: Unexpected functionality", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "LOCAL", baseScore: 8.6, baseSeverity: "HIGH", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T18:52:18.429Z", orgId: "b73dd486-f505-4403-b634-40b078b177f0", shortName: "Rockwell", }, references: [ { url: "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1719.html", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to V15.00 or apply patch in AID 1152309</span><br>", }, ], value: "Upgrade to V15.00 or apply patch in AID 1152309", }, ], source: { discovery: "INTERNAL", }, title: "FactoryTalk® View Machine Edition - Local Code Injection", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Control physical access to the system</p>\n\n<br>", }, ], value: "Control physical access to the system", }, ], x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "b73dd486-f505-4403-b634-40b078b177f0", assignerShortName: "Rockwell", cveId: "CVE-2025-24479", datePublished: "2025-01-28T18:52:18.429Z", dateReserved: "2025-01-21T21:21:03.342Z", dateUpdated: "2025-02-12T20:01:10.925Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }