Lucene search
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OT_500083.NASLHistoryNov 08, 2019 - 12:00 a.m.
Rockwellautomation Factorytalk Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
2019-11-0800:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
0.0004 Low
EPSS
Percentile
5.3%
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later.
File data ot_500083.nasl| Vendor | Product | Version | CPE |
|---|---|---|---|
| rockwellautomation | factorytalk_activation | * | cpe:2.3:a:rockwellautomation:factorytalk_activation:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2017-6015
2018-05-11 13:29:00
ics
ics
Rockwell Automation FactoryTalk Activation
2017-03-21 12:00:00
prion
prion
Design/Logic Flaw
2018-05-11 13:29:00
cvelist
cvelist
CVE-2017-6015
2017-03-21 00:00:00
nessus
nessus
Rockwell (CVE-2017-6015) (deprecated)
2022-02-07 00:00:00
Rockwell FactoryTalk Activation Manager < 4.01.00 Privilege Escalation
2024-01-22 00:00:00
nvd
nvd
CVE-2017-6015
2018-05-11 13:29:00