csaf_certbund - wid-sec-w-2024-1954

WID-SEC-W-2024-1954

Vulnerability from csaf_certbund - Published: 2024-08-29 22:00 - Updated: 2024-08-29 22:00

Summary

Rockwell Automation FactoryTalk: Schwachstelle ermöglicht Privilegieneskalation und Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

FactoryTalk ist eine Software für die industrielle Automatisierung, die zur Maximierung der Effizienz und Steigerung der Anlagenproduktivität entwickelt wurde.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Rockwell Automation FactoryTalk ausnutzen, um seine Privilegien zu erhöhen oder um beliebigen Code auszuführen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FactoryTalk ist eine Software f\u00fcr die industrielle Automatisierung, die zur Maximierung der Effizienz und Steigerung der Anlagenproduktivit\u00e4t entwickelt wurde.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Rockwell Automation FactoryTalk ausnutzen, um seine Privilegien zu erh\u00f6hen oder um beliebigen Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1954 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1954.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1954 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1954"
      },
      {
        "category": "external",
        "summary": "Rockwell Automation Security Advisory SD 1688 vom 2024-08-29",
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html"
      },
      {
        "category": "external",
        "summary": "CISA Advisory",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-06"
      }
    ],
    "source_lang": "en-US",
    "title": "Rockwell Automation FactoryTalk: Schwachstelle erm\u00f6glicht Privilegieneskalation und Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-08-29T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-30T08:08:17.130+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2024-1954",
      "initial_release_date": "2024-08-29T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-08-29T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=13.0",
                "product": {
                  "name": "Rockwell Automation FactoryTalk \u003c=13.0",
                  "product_id": "T036823"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=13.0",
                "product": {
                  "name": "Rockwell Automation FactoryTalk \u003c=13.0",
                  "product_id": "T036823-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "FactoryTalk"
          }
        ],
        "category": "vendor",
        "name": "Rockwell Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7513",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Rockwell Automation FactoryTalk. Dieser Fehler existiert wegen ungeeigneter Standard-Dateiberechtigungen, die es jedem Benutzer erlauben, Dateien zu bearbeiten oder zu ersetzen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern oder beliebigen Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T036823"
        ]
      },
      "release_date": "2024-08-29T22:00:00.000+00:00",
      "title": "CVE-2024-7513"
    }
  ]
}

CVE-2024-7513 (GCVE-0-2024-7513)

Vulnerability from cvelistv5 – Published: 2024-08-14 19:48 – Updated: 2025-08-15 13:03

Summary

CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.

Severity ?

8.5 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-732 - Incorrect Permission Assignment for Critical Resource

Assigner

Rockwell

References

URL

Tags

https://www.rockwellautomation.com/en-us/trust-ce…

Impacted products

	Vendor	Product	Version
	Rockwell Automation	FactoryTalk View Site Edition	Affected: 13.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:factorytalk_view:13.0:*:*:*:se:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "factorytalk_view",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "status": "affected",
                "version": "13.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7513",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T20:09:08.721442Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T20:16:25.948Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FactoryTalk View Site Edition",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "13.0"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cb\u003eCVE-2024-7513 IMPACT\u003c/b\u003e\u003c/p\u003e\u003cp\u003eA code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.\u003c/p\u003e"
            }
          ],
          "value": "CVE-2024-7513 IMPACT\n\nA code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-576",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-576 Group Permission Footprinting"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-15T13:03:12.526Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to v15.0"
            }
          ],
          "value": "Upgrade to v15.0"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Rockwell Automation FactoryTalk\u00ae View Site Edition Code Execution Vulnerability via File Permissions",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCustomers using the affected software are encouraged to apply security best practices, if possible.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eRemove \u201cEveryone\u201d user group from read and write privileges by changing the FactoryTalk\u00ae View SE project folder permissions using the help guide. Detailed instructions are below. \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eOpen FactoryTalk\u00ae View Studio -\u0026gt; Help -\u0026gt; FactoryTalk\u00ae View SE Help. I\u003cspan style=\"background-color: var(--wht);\"\u003en the file -\u0026gt; Security -\u0026gt; \u201cHMI projects folder\u201d\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Customers using the affected software are encouraged to apply security best practices, if possible.\n\n  *  Remove \u201cEveryone\u201d user group from read and write privileges by changing the FactoryTalk\u00ae View SE project folder permissions using the help guide. Detailed instructions are below. \n\n\n\n\n  *  Open FactoryTalk\u00ae View Studio -\u003e Help -\u003e FactoryTalk\u00ae View SE Help. In the file -\u003e Security -\u003e \u201cHMI projects folder\u201d"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-7513",
    "datePublished": "2024-08-14T19:48:46.656Z",
    "dateReserved": "2024-08-05T20:18:13.759Z",
    "dateUpdated": "2025-08-15T13:03:12.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-1954

CVE-2024-7513 (GCVE-0-2024-7513)

Tags

Sightings

Nomenclature