Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-3640

Published: 16/05/2024 Updated: 17/05/2024

Vulnerability Summary

An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability.

ICS Advisories

https://ics-cert.us-cert.gov/advisories/0ec6b06bd14150ca205cd8afb850089c
Critical Infrastructure Sectors: Chemical, Commercial Facilities, Critical Manufacturing, Energy, Government Facilities, Water and Wastewater Systems

References

https://www.rockwellautomation.com/en-us/support/advisory.SD1671.htmlhttps://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-24-135-01
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710arbitrary CVE-2024-5272CVE-2024-2961brute forceremoteCVE-2024-32944CVE-2024-36241CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook