CVE-2024-37365 HIGH

CVE-2024-37365: FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path

Vendor Rockwell Automation

Product FactoryTalk View Machine Edition

Weakness CWE-20 · Input validation

Published November 12, 2024

Last update November 12, 2024

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code.

Key dates

02Disclosure timeline

November 12, 2024 CVE published

November 12, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-37365 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2024-37365

CWE CWE-20

CVSS 7.3 / HIGH

Affected versions