Lucene search

RockwellCVE-2024-6325

HistoryJul 16, 2024 - 5:15 p.m.

CVE-2024-6325

2024-07-1617:15:11

CWE-276

CWE-269

Rockwell

web.nvd.nist.gov

rockwell automation

factorytalk policy manager

v6.40

security vulnerabilities

cip security

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/SC:H/VI:N/SI:N/VA:N/SA:N

AI Score

6.7

Confidence

Low

EPSS

0.009

Percentile

82.9%

JSON

The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html

Affected configurations

Nvd

Node

rockwellautomationfactorytalk_policy_managerMatch6.40.0

VendorProductVersionCPE
rockwellautomationfactorytalk_policy_manager6.40.0cpe:/a:rockwellautomation:factorytalk_policy_manager:6.40.0:::

Vendor	Product	Version	CPE
rockwellautomation	factorytalk_policy_manager	6.40.0	cpe:/a:rockwellautomation:factorytalk_policy_manager:6.40.0:::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FactoryTalk® System Services (installed via FTPM)",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "6.40"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "FactoryTalk® Policy Manager (FTPM)",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v6.40"
      }
    ]
  }
]

References

www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/SC:H/VI:N/SI:N/VA:N/SA:N

AI Score

6.7

Confidence

Low

EPSS

0.009

Percentile

82.9%

JSON

Related for CVE-2024-6325