CVE-2024-6325
MEDIUM
Rockwell Automation FactoryTalk <6.40 - Privilege Escalation
Title source: llm
Description
The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html
References (1)
Core References
Mitigation, Vendor Advisory
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html
Scores
CVSS v3
6.5
EPSS
0.0004
EPSS Percentile
11.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-269
CWE-276
Status
published
Products (1)
rockwellautomation/factorytalk_policy_manager
6.40.0
Published
Jul 16, 2024
Tracked Since
Feb 18, 2026