CVE-2024-45823 CRITICAL

CVE-2024-45823: FactoryTalk® Batch View™ Authentication Bypass Vulnerability via shared secrets

Vendor Rockwell Automation
Product FactoryTalk® Batch View™
Weakness CWE-287 · Improper authentication
Published September 12, 2024
Last update September 12, 2024

CVSS base score

9.2/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

CVE-2024-45823 IMPACT: An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.

Key dates

02 Disclosure timeline

September 12, 2024 CVE published
September 12, 2024 Record updated