CVE-2024-45824
FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.2EPSS 1.3%KEV nãoPoC —Patch —
Lifecycle
12 Sep 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
CVE-2024-45824 IMPACT
A remote
code vulnerability exists in the affected products. The vulnerability occurs
when chained with Path Traversal, Command Injection, and XSS Vulnerabilities
and allows for full unauthenticated remote code execution. The link in the
mitigations section below contains patches to fix this issue.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Rockwell Automation · FactoryTalk View Site EditionWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →