cvelistv5 - cve-2024-7513

cve-2024-7513

Vulnerability from cvelistv5

Published

2024-08-14 19:48

Modified

2024-08-14 20:16

Severity ?

8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Summary

CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.

References

▼	URL	Tags
	PSIRT@rockwellautomation.com	https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html	Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	Rockwell Automation	FactoryTalk View Site Edition	Version: 13.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:factorytalk_view:13.0:*:*:*:se:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "factorytalk_view",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "status": "affected",
                "version": "13.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7513",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T20:09:08.721442Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T20:16:25.948Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FactoryTalk View Site Edition",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "13.0"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cb\u003eCVE-2024-7513 IMPACT\u003c/b\u003e\u003c/p\u003e\u003cp\u003eA code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.\u003c/p\u003e"
            }
          ],
          "value": "CVE-2024-7513 IMPACT\n\nA code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-576",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-576 Group Permission Footprinting"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T19:48:46.656Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to v14.0"
            }
          ],
          "value": "Upgrade to v14.0"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Rockwell Automation FactoryTalk\u00ae View Site Edition Code Execution Vulnerability via File Permissions",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCustomers using the affected software are encouraged to apply security best practices, if possible.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eRemove \u201cEveryone\u201d user group from read and write privileges by changing the FactoryTalk\u00ae View SE project folder permissions using the help guide. Detailed instructions are below. \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eOpen FactoryTalk\u00ae View Studio -\u0026gt; Help -\u0026gt; FactoryTalk\u00ae View SE Help. I\u003cspan style=\"background-color: var(--wht);\"\u003en the file -\u0026gt; Security -\u0026gt; \u201cHMI projects folder\u201d\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Customers using the affected software are encouraged to apply security best practices, if possible.\n\n  *  Remove \u201cEveryone\u201d user group from read and write privileges by changing the FactoryTalk\u00ae View SE project folder permissions using the help guide. Detailed instructions are below. \n\n\n\n\n  *  Open FactoryTalk\u00ae View Studio -\u003e Help -\u003e FactoryTalk\u00ae View SE Help. In the file -\u003e Security -\u003e \u201cHMI projects folder\u201d"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-7513",
    "datePublished": "2024-08-14T19:48:46.656Z",
    "dateReserved": "2024-08-05T20:18:13.759Z",
    "dateUpdated": "2024-08-14T20:16:25.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-7513\",\"sourceIdentifier\":\"PSIRT@rockwellautomation.com\",\"published\":\"2024-08-14T20:15:13.013\",\"lastModified\":\"2025-01-31T15:25:24.030\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CVE-2024-7513 IMPACT\\n\\nA code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.\"},{\"lang\":\"es\",\"value\":\" CVE-2024-7513 IMPACT Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo en el producto afectado. La vulnerabilidad se produce debido a permisos de archivos predeterminados inadecuados que permiten a cualquier usuario editar o reemplazar archivos, que se ejecutan mediante una cuenta con permisos elevados.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:se:*:*:*\",\"versionStartIncluding\":\"13.0\",\"matchCriteriaId\":\"E13B3C84-07B8-4327-B73E-21A65D5E5627\"}]}]}],\"references\":[{\"url\":\"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html\",\"source\":\"PSIRT@rockwellautomation.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7513\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-14T20:09:08.721442Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:rockwellautomation:factorytalk_view:13.0:*:*:*:se:*:*:*\"], \"vendor\": \"rockwellautomation\", \"product\": \"factorytalk_view\", \"versions\": [{\"status\": \"affected\", \"version\": \"13.0\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-14T20:16:19.702Z\"}}], \"cna\": {\"title\": \"Rockwell Automation FactoryTalk\\u00ae View Site Edition Code Execution Vulnerability via File Permissions\", \"source\": {\"discovery\": \"INTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-576\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-576 Group Permission Footprinting\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.5, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Rockwell Automation\", \"product\": \"FactoryTalk View Site Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"13.0\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to v14.0\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Upgrade to v14.0\", \"base64\": false}]}], \"datePublic\": \"2024-08-13T13:00:00.000Z\", \"references\": [{\"url\": \"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Customers using the affected software are encouraged to apply security best practices, if possible.\\n\\n  *  Remove \\u201cEveryone\\u201d user group from read and write privileges by changing the FactoryTalk\\u00ae View SE project folder permissions using the help guide. Detailed instructions are below. \\n\\n\\n\\n\\n  *  Open FactoryTalk\\u00ae View Studio -\u003e Help -\u003e FactoryTalk\\u00ae View SE Help. In the file -\u003e Security -\u003e \\u201cHMI projects folder\\u201d\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eCustomers using the affected software are encouraged to apply security best practices, if possible.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eRemove \\u201cEveryone\\u201d user group from read and write privileges by changing the FactoryTalk\\u00ae View SE project folder permissions using the help guide. Detailed instructions are below. \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eOpen FactoryTalk\\u00ae View Studio -\u0026gt; Help -\u0026gt; FactoryTalk\\u00ae View SE Help. I\u003cspan style=\\\"background-color: var(--wht);\\\"\u003en the file -\u0026gt; Security -\u0026gt; \\u201cHMI projects folder\\u201d\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"CVE-2024-7513 IMPACT\\n\\nA code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003cb\u003eCVE-2024-7513 IMPACT\u003c/b\u003e\u003c/p\u003e\u003cp\u003eA code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-732\", \"description\": \"CWE-732 Incorrect Permission Assignment for Critical Resource\"}]}], \"providerMetadata\": {\"orgId\": \"b73dd486-f505-4403-b634-40b078b177f0\", \"shortName\": \"Rockwell\", \"dateUpdated\": \"2024-08-14T19:48:46.656Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-7513\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-14T20:16:25.948Z\", \"dateReserved\": \"2024-08-05T20:18:13.759Z\", \"assignerOrgId\": \"b73dd486-f505-4403-b634-40b078b177f0\", \"datePublished\": \"2024-08-14T19:48:46.656Z\", \"assignerShortName\": \"Rockwell\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2024-7513

Vulnerability from fkie_nvd

Published

2024-08-14 20:15

Modified

2025-01-31 15:25

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	PSIRT@rockwellautomation.com	https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html	Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	rockwellautomation	factorytalk_view	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:se:*:*:*",
              "matchCriteriaId": "E13B3C84-07B8-4327-B73E-21A65D5E5627",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CVE-2024-7513 IMPACT\n\nA code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions."
    },
    {
      "lang": "es",
      "value": " CVE-2024-7513 IMPACT Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo en el producto afectado. La vulnerabilidad se produce debido a permisos de archivos predeterminados inadecuados que permiten a cualquier usuario editar o reemplazar archivos, que se ejecutan mediante una cuenta con permisos elevados."
    }
  ],
  "id": "CVE-2024-7513",
  "lastModified": "2025-01-31T15:25:24.030",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "automatable": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "baseScore": 8.5,
          "baseSeverity": "HIGH",
          "confidentialityRequirements": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "subsequentSystemAvailability": "NONE",
          "subsequentSystemConfidentiality": "NONE",
          "subsequentSystemIntegrity": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "vulnerableSystemAvailability": "HIGH",
          "vulnerableSystemConfidentiality": "HIGH",
          "vulnerableSystemIntegrity": "HIGH"
        },
        "source": "PSIRT@rockwellautomation.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-14T20:15:13.013",
  "references": [
    {
      "source": "PSIRT@rockwellautomation.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html"
    }
  ],
  "sourceIdentifier": "PSIRT@rockwellautomation.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "PSIRT@rockwellautomation.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

WID-SEC-W-2024-1954

Vulnerability from csaf_certbund

Published

2024-08-29 22:00

Modified

2024-08-29 22:00

Summary

Rockwell Automation FactoryTalk: Schwachstelle ermöglicht Privilegieneskalation und Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

FactoryTalk ist eine Software für die industrielle Automatisierung, die zur Maximierung der Effizienz und Steigerung der Anlagenproduktivität entwickelt wurde.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Rockwell Automation FactoryTalk ausnutzen, um seine Privilegien zu erhöhen oder um beliebigen Code auszuführen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FactoryTalk ist eine Software f\u00fcr die industrielle Automatisierung, die zur Maximierung der Effizienz und Steigerung der Anlagenproduktivit\u00e4t entwickelt wurde.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Rockwell Automation FactoryTalk ausnutzen, um seine Privilegien zu erh\u00f6hen oder um beliebigen Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1954 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1954.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1954 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1954"
      },
      {
        "category": "external",
        "summary": "Rockwell Automation Security Advisory SD 1688 vom 2024-08-29",
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html"
      },
      {
        "category": "external",
        "summary": "CISA Advisory",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-06"
      }
    ],
    "source_lang": "en-US",
    "title": "Rockwell Automation FactoryTalk: Schwachstelle erm\u00f6glicht Privilegieneskalation und Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-08-29T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-30T08:08:17.130+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2024-1954",
      "initial_release_date": "2024-08-29T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-08-29T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=13.0",
                "product": {
                  "name": "Rockwell Automation FactoryTalk \u003c=13.0",
                  "product_id": "T036823"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=13.0",
                "product": {
                  "name": "Rockwell Automation FactoryTalk \u003c=13.0",
                  "product_id": "T036823-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "FactoryTalk"
          }
        ],
        "category": "vendor",
        "name": "Rockwell Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7513",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Rockwell Automation FactoryTalk. Dieser Fehler existiert wegen ungeeigneter Standard-Dateiberechtigungen, die es jedem Benutzer erlauben, Dateien zu bearbeiten oder zu ersetzen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern oder beliebigen Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T036823"
        ]
      },
      "release_date": "2024-08-29T22:00:00.000+00:00",
      "title": "CVE-2024-7513"
    }
  ]
}

wid-sec-w-2024-1844

Vulnerability from csaf_certbund

Published

2024-08-13 22:00

Modified

2024-08-13 22:00

Summary

Rockwell Automation FactoryTalk: Schwachstelle ermöglicht Codeausführung

Notes

Produktbeschreibung

FactoryTalk ist eine Software für die industrielle Automatisierung, die zur Maximierung der Effizienz und Steigerung der Anlagenproduktivität entwickelt wurde.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Rockwell Automation FactoryTalk ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Sonstiges - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FactoryTalk ist eine Software f\u00fcr die industrielle Automatisierung, die zur Maximierung der Effizienz und Steigerung der Anlagenproduktivit\u00e4t entwickelt wurde.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Rockwell Automation FactoryTalk ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1844 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1844.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1844 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1844"
      },
      {
        "category": "external",
        "summary": "Rockwell Automation Advisory vom 2024-08-13",
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Rockwell Automation FactoryTalk: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-08-13T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:12:17.614+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1844",
      "initial_release_date": "2024-08-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-08-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "View Site Edition \u003c14.0",
                "product": {
                  "name": "Rockwell Automation FactoryTalk View Site Edition \u003c14.0",
                  "product_id": "T036823"
                }
              }
            ],
            "category": "product_name",
            "name": "FactoryTalk"
          }
        ],
        "category": "vendor",
        "name": "Rockwell Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7513",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Rockwell Automation FactoryTalk. Dieser Fehler betrifft die Komponente View Site Edition aufgrund ungeeigneter Standard-Dateiberechtigungen, die es jedem Benutzer erm\u00f6glichen, Dateien zu bearbeiten oder zu ersetzen, die von einem Konto mit erh\u00f6hten Rechten ausgef\u00fchrt werden. Ein lokaler Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen."
        }
      ],
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2024-7513"
    }
  ]
}

wid-sec-w-2024-1954

Vulnerability from csaf_certbund

Published

2024-08-29 22:00

Modified

2024-08-29 22:00

Summary

Rockwell Automation FactoryTalk: Schwachstelle ermöglicht Privilegieneskalation und Codeausführung

Notes

Produktbeschreibung

FactoryTalk ist eine Software für die industrielle Automatisierung, die zur Maximierung der Effizienz und Steigerung der Anlagenproduktivität entwickelt wurde.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Rockwell Automation FactoryTalk ausnutzen, um seine Privilegien zu erhöhen oder um beliebigen Code auszuführen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FactoryTalk ist eine Software f\u00fcr die industrielle Automatisierung, die zur Maximierung der Effizienz und Steigerung der Anlagenproduktivit\u00e4t entwickelt wurde.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Rockwell Automation FactoryTalk ausnutzen, um seine Privilegien zu erh\u00f6hen oder um beliebigen Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1954 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1954.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1954 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1954"
      },
      {
        "category": "external",
        "summary": "Rockwell Automation Security Advisory SD 1688 vom 2024-08-29",
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html"
      },
      {
        "category": "external",
        "summary": "CISA Advisory",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-06"
      }
    ],
    "source_lang": "en-US",
    "title": "Rockwell Automation FactoryTalk: Schwachstelle erm\u00f6glicht Privilegieneskalation und Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-08-29T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-30T08:08:17.130+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2024-1954",
      "initial_release_date": "2024-08-29T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-08-29T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=13.0",
                "product": {
                  "name": "Rockwell Automation FactoryTalk \u003c=13.0",
                  "product_id": "T036823"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=13.0",
                "product": {
                  "name": "Rockwell Automation FactoryTalk \u003c=13.0",
                  "product_id": "T036823-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "FactoryTalk"
          }
        ],
        "category": "vendor",
        "name": "Rockwell Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7513",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Rockwell Automation FactoryTalk. Dieser Fehler existiert wegen ungeeigneter Standard-Dateiberechtigungen, die es jedem Benutzer erlauben, Dateien zu bearbeiten oder zu ersetzen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern oder beliebigen Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T036823"
        ]
      },
      "release_date": "2024-08-29T22:00:00.000+00:00",
      "title": "CVE-2024-7513"
    }
  ]
}

WID-SEC-W-2024-1844

Vulnerability from csaf_certbund

Published

2024-08-13 22:00

Modified

2024-08-13 22:00

Summary

Rockwell Automation FactoryTalk: Schwachstelle ermöglicht Codeausführung

Notes

Produktbeschreibung

FactoryTalk ist eine Software für die industrielle Automatisierung, die zur Maximierung der Effizienz und Steigerung der Anlagenproduktivität entwickelt wurde.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Rockwell Automation FactoryTalk ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Sonstiges - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FactoryTalk ist eine Software f\u00fcr die industrielle Automatisierung, die zur Maximierung der Effizienz und Steigerung der Anlagenproduktivit\u00e4t entwickelt wurde.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Rockwell Automation FactoryTalk ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1844 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1844.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1844 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1844"
      },
      {
        "category": "external",
        "summary": "Rockwell Automation Advisory vom 2024-08-13",
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Rockwell Automation FactoryTalk: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-08-13T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:12:17.614+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1844",
      "initial_release_date": "2024-08-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-08-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "View Site Edition \u003c14.0",
                "product": {
                  "name": "Rockwell Automation FactoryTalk View Site Edition \u003c14.0",
                  "product_id": "T036823"
                }
              }
            ],
            "category": "product_name",
            "name": "FactoryTalk"
          }
        ],
        "category": "vendor",
        "name": "Rockwell Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7513",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Rockwell Automation FactoryTalk. Dieser Fehler betrifft die Komponente View Site Edition aufgrund ungeeigneter Standard-Dateiberechtigungen, die es jedem Benutzer erm\u00f6glichen, Dateien zu bearbeiten oder zu ersetzen, die von einem Konto mit erh\u00f6hten Rechten ausgef\u00fchrt werden. Ein lokaler Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen."
        }
      ],
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2024-7513"
    }
  ]
}

ICSA-24-226-06

Vulnerability from csaf_cisa

Published

2024-08-13 06:00

Modified

2024-08-29 06:00

Summary

Rockwell Automation FactoryTalk View Site Edition (Update A)

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow any user to edit or replace files, which are executed by account with elevated permissions.

Critical infrastructure sectors

Chemical, Commercial Facilities, Critical Manufacturing, Energy, Government Facilities, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Rockwell Automation",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow any user to edit or replace files, which are executed by account with elevated permissions.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Chemical, Commercial Facilities, Critical Manufacturing, Energy, Government Facilities, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-226-06 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-226-06.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-226-06 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-06"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Rockwell Automation FactoryTalk View Site Edition (Update A)",
    "tracking": {
      "current_release_date": "2024-08-29T06:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-226-06",
      "initial_release_date": "2024-08-13T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-08-13T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2024-08-29T06:00:00.000000Z",
          "legacy_version": "Update A",
          "number": "2",
          "summary": "Update A - Changed mitigation information."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "13.0",
                "product": {
                  "name": "Rockwell Automation FactoryTalk View SE: 13.0",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "FactoryTalk View SE"
          }
        ],
        "category": "vendor",
        "name": "Rockwell Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7513",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7513"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "By default, all HMI server projects are saved in the HMI projects folder on the HMI server computer located at C:\\Users\\Public\\Documents\\RSView Enterprise\\SE\\HMI projects. Rockwell Automation encourages users of the affected software to enhance security and prevent unauthorized modifications to these projects by tightening the Windows folder\u0027s security settings on the HMI server computer by following these steps:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Remove the INTERACTIVE group from the folder\u0027s security properties.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Add specific users or user groups and assign their permissions to this folder as needed.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "If you assign read-only permission to those users or user groups, they can only view and will not be able to write to project files. Users with read-only permission can still test run and run the FactoryTalk View SE client.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "In Version 14: Open FactoryTalk View Studio -\u003e Help -\u003e FactoryTalk View SE Help -\u003e In the Help file -\u003e Security -\u003e \"HMI projects folder\"",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages customers to implement their suggested security best practices to minimize the risk of the vulnerability.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        },
        {
          "category": "mitigation",
          "details": "For more information, refer to Rockwell Automation\u0027s security advisory SD 1688.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

icsa-24-226-06

Vulnerability from csaf_cisa

Published

2024-08-13 06:00

Modified

2024-08-29 06:00

Summary

Rockwell Automation FactoryTalk View Site Edition (Update A)

Notes

Legal Notice

Risk evaluation

Successful exploitation of this vulnerability could allow any user to edit or replace files, which are executed by account with elevated permissions.

Critical infrastructure sectors

Chemical, Commercial Facilities, Critical Manufacturing, Energy, Government Facilities, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Rockwell Automation",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow any user to edit or replace files, which are executed by account with elevated permissions.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Chemical, Commercial Facilities, Critical Manufacturing, Energy, Government Facilities, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-226-06 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-226-06.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-226-06 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-06"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Rockwell Automation FactoryTalk View Site Edition (Update A)",
    "tracking": {
      "current_release_date": "2024-08-29T06:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-226-06",
      "initial_release_date": "2024-08-13T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-08-13T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2024-08-29T06:00:00.000000Z",
          "legacy_version": "Update A",
          "number": "2",
          "summary": "Update A - Changed mitigation information."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "13.0",
                "product": {
                  "name": "Rockwell Automation FactoryTalk View SE: 13.0",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "FactoryTalk View SE"
          }
        ],
        "category": "vendor",
        "name": "Rockwell Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7513",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7513"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "By default, all HMI server projects are saved in the HMI projects folder on the HMI server computer located at C:\\Users\\Public\\Documents\\RSView Enterprise\\SE\\HMI projects. Rockwell Automation encourages users of the affected software to enhance security and prevent unauthorized modifications to these projects by tightening the Windows folder\u0027s security settings on the HMI server computer by following these steps:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Remove the INTERACTIVE group from the folder\u0027s security properties.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Add specific users or user groups and assign their permissions to this folder as needed.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "If you assign read-only permission to those users or user groups, they can only view and will not be able to write to project files. Users with read-only permission can still test run and run the FactoryTalk View SE client.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "In Version 14: Open FactoryTalk View Studio -\u003e Help -\u003e FactoryTalk View SE Help -\u003e In the Help file -\u003e Security -\u003e \"HMI projects folder\"",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages customers to implement their suggested security best practices to minimize the risk of the vulnerability.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        },
        {
          "category": "mitigation",
          "details": "For more information, refer to Rockwell Automation\u0027s security advisory SD 1688.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

ghsa-6cpv-q9vf-2h3j

Vulnerability from github

Published

2024-08-14 21:33

Modified

2025-01-31 15:30

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CVE-2024-7513 IMPACT

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-7513"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-14T20:15:13Z",
    "severity": "HIGH"
  },
  "details": "CVE-2024-7513 IMPACT\n\nA code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.",
  "id": "GHSA-6cpv-q9vf-2h3j",
  "modified": "2025-01-31T15:30:42Z",
  "published": "2024-08-14T21:33:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7513"
    },
    {
      "type": "WEB",
      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

var-202408-2038

Vulnerability from variot

CVE-2024-7513 IMPACT

A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202408-2038",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "automation factorytalk view se",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38542"
      }
    ]
  },
  "cve": "CVE-2024-7513",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "CNVD-2024-38542",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "PSIRT@rockwellautomation.com",
            "id": "CVE-2024-7513",
            "trust": 1.0,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-38542",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38542"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7513"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CVE-2024-7513 IMPACT\n\nA code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-7513"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38542"
      }
    ],
    "trust": 1.44
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-7513",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38542",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38542"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7513"
      }
    ]
  },
  "id": "VAR-202408-2038",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38542"
      }
    ],
    "trust": 1.3510121499999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38542"
      }
    ]
  },
  "last_update_date": "2024-09-20T22:59:27.782000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Rockwell Automation FactoryTalk View SE Code Execution Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/593031"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38542"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-732",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-7513"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd%201688.html"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-7513"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38542"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7513"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38542"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7513"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38542"
      },
      {
        "date": "2024-08-14T20:15:13.013000",
        "db": "NVD",
        "id": "CVE-2024-7513"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38542"
      },
      {
        "date": "2024-08-15T13:01:10.150000",
        "db": "NVD",
        "id": "CVE-2024-7513"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell Automation FactoryTalk View SE Code Execution Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38542"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from cvelistv5

Vulnerability from fkie_nvd

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from csaf_cisa

Vulnerability from csaf_cisa

Vulnerability from github

Vulnerability from variot

Tags

Sightings

Nomenclature