Remote Code Execution Vulnerability in Rockwell Automation Product
CVE-2025-24480

9.3 CRITICAL

Key Information:

Vendor
CVE Published: 28 January 2025

Summary

A significant remote code execution vulnerability has been identified in Rockwell Automation's industrial software. This issue arises from inadequate input sanitization processes, which could be exploited by a remote attacker to execute arbitrary commands or code with elevated privileges. As a result, this vulnerability poses serious risks, making it essential for affected users to take immediate action to secure their systems against potential exploitation.

Affected Version(s)

FactoryTalk® View Machine Edition <V15

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
