CVE-2024-10944 HIGH

CVE-2024-10944: FactoryTalk® Updater Remote Code Execution

Vendor Rockwell Automation
Product FactoryTalk Updater
Weakness CWE-20 · Input validation
Published November 12, 2024
Last update November 13, 2024

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

What the vulnerability does

01 Description

A Remote Code Execution vulnerability exists in the affected product. The vulnerability requires a high level of permissions and exists due to improper input validation resulting in the possibility of a malicious Updated Agent being deployed.

Key dates

02 Disclosure timeline

November 12, 2024 CVE published
November 13, 2024 Record updated