CVE-2025-24482

Summary

A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationFactoryTalk® View Site Edition<V15affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

Workarounds

Check the environment variables (PATH), and make sure FactoryTalk® View SE installation path (C:\Program Files (x86)\Common Files\Rockwell) is before all others

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References