CVE-2024-7513
Published 2024-08-14
Priority: P3 · 54 · high · CVSS 3.1: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.66% (73.6th percentile)
CVE-2024-7513 IMPACT
A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by an account with elevated permissions.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_view_site_edition | — | — |
| rockwellautomation | factorytalk_view | >= 13.0 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.5 | HIGH | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-6cpv-q9vf-2h3j: CVE-2024-7513 [HIGH] CWE-732
ghsa_unreviewed · 2024-08-14 · CVSS 8.5
CISA ICS
Rockwell Automation FactoryTalk View Site Edition (Update A)
cisa_ics·2024-08-29·CVSS 8.5
[HIGH] ICS Advisory
Last Revised: August 29, 2024
Alert Code: ICSA-24-226-06
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.5
- ATTENTION: Low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk View Site Edition
- Vulnerability: Incorrect Permission Assignment for Critical Resource
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow any user to edit or replace files, which are executed by an account with elevated permissions.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Rockwell Automation reports that the following versions of FactoryTalk, an HMI application, are