Incorrect Permission Assignment Vulnerability in Rockwell Automation Products
CVE-2025-24481

7HIGH

Key Information:

Vendor: Rockwell Automation
Status: Factorytalk® View Site Edition
Vendor: CVE Published:; 28 January 2025

Summary

A vulnerability has been identified in Rockwell Automation’s Remote Debugger that stems from improper permission assignments to its remote debugger port. This oversight can result in unauthenticated access to sensitive system configurations, potentially allowing unauthorized users to manipulate system settings and increase the risk of exploitative actions within the environment.

Affected Version(s)

FactoryTalk® View Site Edition <V15

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jan 21, 2025