cbcvebase.

Rockwell Automation Factorytalk View Site Edition vulnerabilities

5 known vulnerabilities affecting rockwell_automation/factorytalk_view_site_edition.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4

Vulnerabilities

Page 1 of 1
CVE-2024-45824P2CRITICALCVSS 9.8v12.0-14.02024-09-12
CVE-2024-45824 [CRITICAL] CWE-77 CVE-2024-45824: CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerabil CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.
nvd
CVE-2024-7513P3HIGHCVSS 8.8v13.02024-08-14
CVE-2024-7513 [HIGH] CWE-732 CVE-2024-7513: CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerabili CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.
nvd
CVE-2023-46289P3HIGHCVSS 7.5vversions 11.0-13.02023-10-27
CVE-2023-46289 [HIGH] CWE-20 CVE-2023-46289: Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.
nvd
CVE-2025-24481P4HIGHCVSS 7.0v<V152025-01-28
CVE-2025-24481 [HIGH] CWE-732 CVE-2025-24481: An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configuration.
nvd
CVE-2025-24482P4HIGHCVSS 7.0v<V152025-01-28
CVE-2025-24482 [HIGH] CWE-94 CVE-2025-24482: A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerabili A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions.
nvd
Rockwell Automation Factorytalk View Site Edition vulnerabilities | cvebase