CVE-2024-7513

Summary

CVE-2024-7513 IMPACT

A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationFactoryTalk View Site Edition13.0affected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

Workarounds

Customers using the affected software are encouraged to apply security best practices, if possible.

  • Remove “Everyone” user group from read and write privileges by changing the FactoryTalk® View SE project folder permissions using the help guide. Detailed instructions are below.

  • Open FactoryTalk® View Studio -> Help -> FactoryTalk® View SE Help. In the file -> Security -> “HMI projects folder”

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References