CVE-2025-24481
published 2025-01-28
CVE-2025-24481: An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being…
Priority P4 30 high 7 CVSS 4.0
AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS
0.16%
5.6th percentile
An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configuration.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_view_site_edition | — | — |
GHSA
GHSA-fv95-67f8-c94p: An Incorrect Permission Assignment Vulnerability exists in the product and version listed above
ghsa_unreviewed·2025-01-28
CVE-2025-24481 [HIGH] CWE-732 GHSA-fv95-67f8-c94p: An Incorrect Permission Assignment Vulnerability exists in the product and version listed above
An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configuration.
CISA ICS
Rockwell Automation FactoryTalk View Site Edition
cisa_ics·2025-01-28·CVSS 7.0
[HIGH] Rockwell Automation FactoryTalk View Site Edition
ICS Advisory
## Rockwell Automation FactoryTalk View Site Edition
Release Date: January 28, 2025
Alert Code: ICSA-25-028-04
## 1. EXECUTIVE SUMMARY
- CVSS v4 7.0
- ATTENTION: Low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk View Site Edition
- Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Improper Control of Generation of Code ('Code Injection')
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthenticated access to system configuration files and execute DLLs with elevated privileges.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following vers
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-01-28
Published