Main Vulnerability Database Vulnerabilities #VU103428

#VU103428 Code Injection in FactoryTalk View SE - CVE-2025-24482

Published: January 29, 2025

Vulnerability identifier: #VU103428

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-24482

CWE-ID: CWE-94

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
FactoryTalk View SE

Software vendor:
Rockwell Automation

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to incorrect default permissions. A local attacker can use specially crafted DLLs and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1720.html
https://www.cisa.gov/news-events/ics-advisories/icsa-25-028-04

#VU103428 Code Injection in FactoryTalk View SE - CVE-2025-24482

Description

Remediation

External links

Please verify you're human