CVE-2025-24481 HIGH

CVE-2025-24481: FactoryTalk® View Site Edition - Incorrect Permission Assignment

Vendor Rockwell Automation
Product FactoryTalk® View Site Edition
Weakness CWE-732
Published January 28, 2025
Last update February 12, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configuration.

Key dates

02Disclosure timeline

January 28, 2025 CVE published
February 12, 2025 Record updated