← voltar
CVE-2024-45824

FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation

CVSS 9.2 CRITICALEPSS 1.3%CWE-77
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.2EPSS 1.3%KEV nãoPoC Patch
Ciclo de vida
12 set 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Rockwell Automation · FactoryTalk View Site Edition

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html