Local Code Injection Vulnerability in Rockwell Automation Products
CVE-2025-24482
7 HIGH
Key Information:
- Vendor: Rockwell Automation
- CVE Published: 28 January 2025
Summary
A significant local code injection vulnerability has been identified in the FactoryTalk Services Platform. This issue arises from incorrect default permissions, enabling the execution of DLL files with escalated privileges. This behavior poses a risk of unauthorized code execution, potentially compromising system integrity and security. Users are advised to review their configurations and apply necessary updates to mitigate the potential risks associated with this vulnerability.
Affected Version(s)
FactoryTalk® View Site Edition <V15
CVSS V4
- Score: 7
- Severity: HIGH
- Confidentiality: Low
- Integrity: Low
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Attack Required: None
- Privileges Required: Undefined
- User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved