CVE-2024-6325

Summary

The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationFactoryTalk® System Services (installed via FTPM)6.40affected
Rockwell AutomationFactoryTalk® Policy Manager (FTPM)v6.40affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References