CVE-2025-24482 HIGH

CVE-2025-24482: FactoryTalk® View Site Edition - Local Code Injection

Vendor Rockwell Automation
Product FactoryTalk® View Site Edition
Weakness CWE-94 · Code injection
Published January 28, 2025
Last update January 28, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions.

Key dates

02Disclosure timeline

January 28, 2025 CVE published
January 28, 2025 Record updated