Remote Code Execution Vulnerability in FactoryTalk® Remote Access™ Could Allow Threat Actors to Run Malicious Code as System User
CVE-2024-3640

Currently unrated

Key Information:

Vendor: Rockwell Automation
Status: Factorytalk® Remote Access™
Vendor: CVE Published:; 16 May 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability.

Affected Version(s)

FactoryTalk® Remote Access™ v13.5.0.174

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-3640_WafBypass
Created by H1ng007

References

https://www.rockwellautomation.com/en-us/support/advisory...

Timeline

🟡
Public PoC available
Apr 9, 2025
👾
Exploit known to exist
Apr 9, 2025
Vulnerability published
May 16, 2024
Vulnerability Reserved
Apr 10, 2024