CVE-2024-45824

CRITICAL

Rockwell FactoryTalk View 12.0-13.0 - RCE via Path Traversal & Command Injection

Title source: llm

Description

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.

References (1)

Core 1

Core References

Vendor Advisory

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html

Scores

CVSS v3 9.8

EPSS 0.0154

EPSS Percentile 81.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

rockwellautomation/factorytalk_view 12.0 - 14.0

Published Sep 12, 2024

Tracked Since Feb 18, 2026