CVE-2024-3640
Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
16 May 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability.
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Rockwell Automation · FactoryTalk® Remote Access™Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →