Details of VAR-202408-2038

ID

VAR-202408-2038

CVE

CVE-2024-7513

TITLE

Rockwell Automation FactoryTalk View SE Code Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-38542

DESCRIPTION

CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States

Trust: 1.44

sources: NVD: CVE-2024-7513 // CNVD: CNVD-2024-38542

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-38542

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	factorytalk view	scope:	gte	version:	13.0	Trust: 1.0
vendor:	rockwell	model:	automation factorytalk view se	scope:	eq	version:	13.0	Trust: 0.6

sources: CNVD: CNVD-2024-38542 // NVD: CVE-2024-7513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-7513
value:	HIGH
Trust: 1.0
PSIRT@rockwellautomation.com:	CVE-2024-7513
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2024-38542
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-38542
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2024-7513
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-38542 // NVD: CVE-2024-7513 // NVD: CVE-2024-7513

PROBLEMTYPE DATA

problemtype:

CWE-732

Trust: 1.0

sources: NVD: CVE-2024-7513

PATCH

title:

Patch for Rockwell Automation FactoryTalk View SE Code Execution Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/593031

Trust: 0.6

sources: CNVD: CNVD-2024-38542

EXTERNAL IDS

db:	NVD	id:	CVE-2024-7513	Trust: 1.6
db:	CNVD	id:	CNVD-2024-38542	Trust: 0.6

sources: CNVD: CNVD-2024-38542 // NVD: CVE-2024-7513

REFERENCES

url:	https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd%201688.html	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-7513	Trust: 0.6

sources: CNVD: CNVD-2024-38542 // NVD: CVE-2024-7513

SOURCES

db:	CNVD	id:	CNVD-2024-38542
db:	NVD	id:	CVE-2024-7513

LAST UPDATE DATE

2025-01-31T23:22:55.415000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-38542	date:	2024-09-19T00:00:00
db:	NVD	id:	CVE-2024-7513	date:	2025-01-31T15:25:24.030

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-38542	date:	2024-09-19T00:00:00
db:	NVD	id:	CVE-2024-7513	date:	2024-08-14T20:15:13.013