CVE-2025-24482
Published 2025-01-28
Priority P4 · 28 · high · 7 · CVSS 4.0
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS
0.25%
15.9th percentile
A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_view_site_edition | — | — |
GHSA
GHSA-wx72-xp52-v927: A Local Code Injection Vulnerability exists in the product and version listed above
ghsa_unreviewed·2025-01-28
CVE-2025-24482 [HIGH] CWE-94 GHSA-wx72-xp52-v927: A Local Code Injection Vulnerability exists in the product and version listed above
CISA ICS
Rockwell Automation FactoryTalk View Site Edition
cisa_ics·2025-01-28·CVSS 7.0
[HIGH] Rockwell Automation FactoryTalk View Site Edition
ICS Advisory
## Rockwell Automation FactoryTalk View Site Edition
Release Date: January 28, 2025
Alert Code: ICSA-25-028-04
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 7.0
- ATTENTION: Low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk View Site Edition
- Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Improper Control of Generation of Code ('Code Injection')
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthenticated access to system configuration files and execute DLLs with elevated privileges.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following vers
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-01-28
Published