CVE-2024-45824
Published 2024-09-12
Priority P2 · 62 · critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.28% (66.5th percentile)
CVE-2024-45824 IMPACT
A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_view_site_edition | — | — |
| rockwellautomation | factorytalk_view | 12.0 – 14.0 | — |
Detection & IOCs (extracted from sources)
- Vulnerability chain involves Path Traversal, Command Injection, and XSS: monitor for chained exploitation attempts against FactoryTalk View Site Edition web endpoints, particularly unauthenticated requests exhibiting path traversal patterns (e.g., `../`) combined with command injection payloads.
- Target affected versions: FactoryTalk View Site Edition V12.0, V13.0, V14.0; prioritize detection and patching on these specific versions.
- Exploitation requires no authentication and no user interaction, and is network-accessible with low attack complexity; treat any anomalous unauthenticated remote requests to FactoryTalk View Site Edition as high-priority alerts.
- No known public exploitation had been reported at the time of advisory publication; the threat landscape may have changed since September 12, 2024.
- The vulnerability requires chaining multiple weakness types (Path Traversal + Command Injection + XSS); detection logic should account for multi-stage attack sequences rather than single-indicator triggers.
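The following is an added example, not code from this page, its sources, or Rockwell Automation: a small stage-aware detector in Python that applies the multi-stage logic described in the bullets above to constructed IIS-style W3C log lines. The `.aspx` paths, the ten-minute correlation window, and the priority ladder are assumptions for illustration. Each query value is percent-decoded until it stops changing, so double-encoded payloads are not missed; one signature per weakness class in the advisory's chain (path traversal, command injection, XSS) is then applied, and one alert per client is raised whose priority depends on which stages were seen and whether the request carried a username.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set
from urllib.parse import unquote

# Constructed IIS-style W3C log lines (date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status).
# The .aspx paths are placeholders for illustration, not real FactoryTalk View SE endpoints.
SAMPLE_LOG = """\
2024-09-13 10:00:01 10.0.0.5 - GET /app/view.aspx file=dashboard.gfx 200
2024-09-13 10:00:07 198.51.100.9 - GET /app/view.aspx file=..%2f..%2f..%2fwindows%2fwin.ini 200
2024-09-13 10:00:09 198.51.100.9 - POST /app/run.aspx name=report.txt%3Bwhoami 500
2024-09-13 10:00:12 198.51.100.9 - GET /app/search.aspx q=%3Cscript%3Ealert(1)%3C%2Fscript%3E 200
2024-09-13 10:05:00 10.0.0.7 operator GET /app/view.aspx file=..%2fold%2ftrend.gfx 404
2024-09-13 10:09:00 203.0.113.4 - GET /app/search.aspx q=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E 200
"""

# One signature per weakness class in the advisory's chain; applied after decoding.
STAGES = {
    "traversal": re.compile(r"\.\.[\\/]"),
    "command_injection": re.compile(
        r"[;|`]|&&|\$\(|[\r\n]|\bwhoami\b|\bcmd(?:\.exe)?\b|\bpowershell\b", re.I),
    "xss": re.compile(
        r"<\s*(?:script|img|svg|iframe)\b|javascript:|\bon(?:error|load|click)\s*=", re.I),
}

WINDOW = timedelta(minutes=10)  # assumption: stages from one client within 10 minutes belong together


def full_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so %25 double-encoding is unwrapped."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(stem: str, query: str) -> Set[str]:
    """Return the chain stages whose signature matches the path or any decoded query value."""
    fields: List[str] = [full_decode(stem)]
    if query != "-":
        # Split on the raw '&' first so an encoded %26 inside a value survives as injection evidence.
        for param in query.split("&"):
            fields.append(full_decode(param.partition("=")[2]))
    return {name for name, rx in STAGES.items() if any(rx.search(f) for f in fields)}


@dataclass
class Alert:
    client: str
    authenticated: bool
    first: datetime
    stages: Set[str] = field(default_factory=set)
    requests: int = 0

    @property
    def priority(self) -> str:
        # Assumed triage ladder: the unauthenticated traversal + command-injection pair is the RCE path.
        if not self.authenticated and {"traversal", "command_injection"} <= self.stages:
            return "critical"
        if len(self.stages) >= 2:
            return "high"
        if not self.authenticated:
            return "medium"
        return "low"


def analyze(log: str) -> Dict[str, Alert]:
    """Correlate flagged requests per client IP and keep one alert per correlation window."""
    alerts: Dict[str, Alert] = {}
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 8:
            continue  # header, comment, or a line this constructed format does not cover
        date, time_, client, user, _method, stem, query, _status = parts
        stages = classify(stem, query)
        if not stages:
            continue
        ts = datetime.fromisoformat(f"{date} {time_}")
        alert = alerts.get(client)
        if alert is None or ts - alert.first > WINDOW:
            alert = alerts[client] = Alert(client, authenticated=(user != "-"), first=ts)
        alert.stages |= stages
        alert.requests += 1
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG).values():
        print(f"{a.client:<15} {a.priority:<9} stages={sorted(a.stages)} requests={a.requests}")
```

On the constructed sample, 198.51.100.9 trips all three stages without a username and is rated critical, the authenticated operator's single traversal is rated low, and the lone double-encoded XSS probe is rated medium. The signatures are deliberately broad (a literal `|` in a legitimate parameter will fire) and are a starting point to tune against real traffic, not a substitute for applying the vendor patch.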
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v4.0: 9.2 CRITICAL · CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
The v4.0 vector sets AT:P (Attack Requirements: Present), a metric with no v3.1 counterpart; the two versions use different scoring formulas, so 9.8 and 9.2 are not directly comparable.
GHSA
GHSA-gpxp-f9r6-4g34 · ghsa_unreviewed · 2024-09-12 · CVSS 9.2 · [CRITICAL] · CWE-77 (Command Injection)
CVE-2024-45824 IMPACT: carries the same description text as the NVD entry above.
CISA ICS
Rockwell Automation FactoryTalk View Site · cisa_ics · 2024-09-12 · CVSS 9.2 · [CRITICAL]
ICS Advisory
Release Date: September 12, 2024
Alert Code: ICSA-24-256-23
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk
- Vulnerability: Command Injection
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform unauthenticated remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Rockwell Automation FactoryTalk View Site are affected:
- FactoryTalk View Site Edition: Versions V12.0, V13.0, V14.0
## 3.2 Vulnerability Overview
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published 2024-09-12