CVE-2025-24482

FactoryTalk® View Site Edition - Local Code Injection

CVSS 7 HIGHEPSS 0.2%CWE-94

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

28 Jan 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected products

Rockwell Automation · FactoryTalk® View Site Edition

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1720.html