CVE-2024-45824 CRITICAL

CVE-2024-45824: FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation

Vendor Rockwell Automation
Product FactoryTalk View Site Edition
Weakness CWE-77
Published September 12, 2024
Last update September 12, 2024

CVSS base score

9.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.

Key dates

02Disclosure timeline

September 12, 2024 CVE published
September 12, 2024 Record updated