CVE-2024-3640

May 16, 2024, 4:15 p.m.

None
No Score

Description

An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability.

Product(s) Impacted

Product Versions
FactoryTalk Remote Access
  • ['UNKNOWN']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://www.rockwellautomation.com/en-us/support/advisory.SD1671.html

Tags

CWE-428
2024-05-16
CVE-2024-3640
PSIRT@rockwellautomation.com

Timeline

Published: May 16, 2024, 4:15 p.m.
Last Modified: May 16, 2024, 4:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

PSIRT@rockwellautomation.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.