CVE-2024-3640

Summary

An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationFactoryTalk® Remote Access™v13.5.0.174affected

Weaknesses

  • CWE-428: CWE-428 Unquoted Search Path or Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References