CVE-2024-45824: FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation
First published: Thu Sep 12 2024(Updated: )
CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwell Automation FactoryTalk View Site Edition |
Remedy
Navigate to the following link and apply patches https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1151301 , directions are on the link page ( https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1151301 )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/remedy
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/rockwell automation
- canonical/rockwell automation factorytalk view site edition