Rockwell Automation Factorytalk View Site Edition vulnerabilities
5 known vulnerabilities affecting rockwell_automation/factorytalk_view_site_edition.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4
Vulnerabilities
Page 1 of 1
CVE-2024-45824P2CRITICALCVSS 9.8v12.0-14.02024-09-12
CVE-2024-45824 [CRITICAL] CWE-77 CVE-2024-45824: CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerabil
CVE-2024-45824 IMPACT
A remote
code vulnerability exists in the affected products. The vulnerability occurs
when chained with Path Traversal, Command Injection, and XSS Vulnerabilities
and allows for full unauthenticated remote code execution. The link in the
mitigations section below contains patches to fix this issue.
nvd
CVE-2024-7513P3HIGHCVSS 8.8v13.02024-08-14
CVE-2024-7513 [HIGH] CWE-732 CVE-2024-7513: CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerabili
CVE-2024-7513 IMPACT
A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.
nvd
CVE-2023-46289P3HIGHCVSS 7.5vversions 11.0-13.02023-10-27
CVE-2023-46289 [HIGH] CWE-20 CVE-2023-46289: Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.
nvd
CVE-2025-24481P4HIGHCVSS 7.0v<V152025-01-28
CVE-2025-24481 [HIGH] CWE-732 CVE-2025-24481: An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The
An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configuration.
nvd
CVE-2025-24482P4HIGHCVSS 7.0v<V152025-01-28
CVE-2025-24482 [HIGH] CWE-94 CVE-2025-24482: A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerabili
A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions.
nvd