CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-45824

CVSS 9.2v4.0pub. 2024-09-12upd. 2025-01-31

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Rockwellautomation Factorytalk View

    APP
    Rockwellautomation
    12.0 – 14.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEXSSPath Traversal
CWE
References

Related vulnerabilities

CVE-2023-2071CRITICAL9.8ten sam produkt

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input,...

CVE-2020-12029CRITICAL9.0ten sam produkt

All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A ...

CVE-2025-9063HIGH7.0ten sam produkt

An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX co...

CVE-2025-9064HIGH8.7ten sam produkt

A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attac...

CVE-2024-37365HIGH7.0ten sam produkt

A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save p...