ID

VAR-202402-1769


CVE

CVE-2024-21915


DESCRIPTION

A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable.

Trust: 0.99

sources: NVD: CVE-2024-21915 // VULMON: CVE-2024-21915

AFFECTED PRODUCTS

vendor: rockwellautomation, model: factorytalk services platform, scope: lt, version: 2.74

Trust: 1.0

sources: NVD: CVE-2024-21915

CVSS

SEVERITY

CVSSV2

CVSSV3

PSIRT@rockwellautomation.com: CVE-2024-21915
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2024-21915
value: HIGH

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2024-21915
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-21915
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2024-21915 // NVD: CVE-2024-21915

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.0

sources: NVD: CVE-2024-21915

EXTERNAL IDS

db: NVD, id: CVE-2024-21915

Trust: 1.1

db: ICS CERT, id: ICSA-24-046-16

Trust: 0.1

db: VULMON, id: CVE-2024-21915

Trust: 0.1

sources: VULMON: CVE-2024-21915 // NVD: CVE-2024-21915

REFERENCES

url: https://www.rockwellautomation.com/en-us/support/advisory.sd1662.html

Trust: 1.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-16

Trust: 0.1

sources: VULMON: CVE-2024-21915 // NVD: CVE-2024-21915

SOURCES

db: VULMON, id: CVE-2024-21915
db: NVD, id: CVE-2024-21915

LAST UPDATE DATE

2024-12-12T22:57:51.331000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2024-21915, date: 2024-02-16T00:00:00
db: NVD, id: CVE-2024-21915, date: 2024-12-11T19:31:28.200

SOURCES RELEASE DATE

db: VULMON, id: CVE-2024-21915, date: 2024-02-16T00:00:00
db: NVD, id: CVE-2024-21915, date: 2024-02-16T19:15:08.460