Back

CVE-2024-6325

July 16, 2024, 6 p.m.

Undergoing Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

Rockwell Automation FactoryTalk Policy Manager

  • v6.40

Source

PSIRT@rockwellautomation.com

Tags

CWE-269
PSIRT@rockwellautomation.com
2024-07-16
CVE-2024-6325

CVE-2024-6325 details

Published : July 16, 2024, 5:15 p.m.
Last Modified : July 16, 2024, 6 p.m.

Description

The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-269 Improper Privilege Management The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

URL Source
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html PSIRT@rockwellautomation.com
This website uses the NVD API, but is not approved or certified by it.