CVE-2024-7513
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
CVE-2024-7513 IMPACT
A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rockwell Automation | FactoryTalk View Site Edition | 13.0 | affected |
Weaknesses
- CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource
Workarounds
Customers using the affected software are encouraged to apply security best practices, if possible.
Remove “Everyone” user group from read and write privileges by changing the FactoryTalk® View SE project folder permissions using the help guide. Detailed instructions are below.
Open FactoryTalk® View Studio -> Help -> FactoryTalk® View SE Help. In the file -> Security -> “HMI projects folder”
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.