Details of VAR-202408-2038

ID

VAR-202408-2038

CVE

CVE-2024-7513

TITLE

Rockwell Automation of FactoryTalk View Vulnerability in improper permission assignment for critical resources in

Trust: 0.8

sources: JVNDB: JVNDB-2024-017967

DESCRIPTION

CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions. Rockwell Automation of FactoryTalk View Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States

Trust: 2.16

sources: NVD: CVE-2024-7513 // JVNDB: JVNDB-2024-017967 // CNVD: CNVD-2024-38542

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-38542

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	factorytalk view	scope:	gte	version:	13.0	Trust: 1.0
vendor:	rockwell automation	model:	factorytalk view	scope:	eq	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	factorytalk view	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	factorytalk view	scope:	eq	version:	13.0 that's all	Trust: 0.8
vendor:	rockwell	model:	automation factorytalk view se	scope:	eq	version:	13.0	Trust: 0.6

sources: CNVD: CNVD-2024-38542 // JVNDB: JVNDB-2024-017967 // NVD: CVE-2024-7513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-7513
value:	HIGH
Trust: 1.0
PSIRT@rockwellautomation.com:	CVE-2024-7513
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-7513
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-38542
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-38542
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2024-7513
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-7513
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-38542 // JVNDB: JVNDB-2024-017967 // NVD: CVE-2024-7513 // NVD: CVE-2024-7513

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.0
problemtype:	Improper permission assignment for critical resources (CWE-732) [ others ]	Trust: 0.8
problemtype:	Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-017967 // NVD: CVE-2024-7513

PATCH

title:

Patch for Rockwell Automation FactoryTalk View SE Code Execution Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/593031

Trust: 0.6

sources: CNVD: CNVD-2024-38542

EXTERNAL IDS

db:	NVD	id:	CVE-2024-7513	Trust: 3.2
db:	ICS CERT	id:	ICSA-24-226-06	Trust: 0.8
db:	JVN	id:	JVNVU90425347	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-017967	Trust: 0.8
db:	CNVD	id:	CNVD-2024-38542	Trust: 0.6

sources: CNVD: CNVD-2024-38542 // JVNDB: JVNDB-2024-017967 // NVD: CVE-2024-7513

REFERENCES

url:	https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd%201688.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-7513	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu90425347/	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-06	Trust: 0.8

sources: CNVD: CNVD-2024-38542 // JVNDB: JVNDB-2024-017967 // NVD: CVE-2024-7513

SOURCES

db:	CNVD	id:	CNVD-2024-38542
db:	JVNDB	id:	JVNDB-2024-017967
db:	NVD	id:	CVE-2024-7513

LAST UPDATE DATE

2025-02-06T22:42:26.666000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-38542	date:	2024-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2024-017967	date:	2025-02-04T08:41:00
db:	NVD	id:	CVE-2024-7513	date:	2025-01-31T15:25:24.030

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-38542	date:	2024-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2024-017967	date:	2025-02-04T00:00:00
db:	NVD	id:	CVE-2024-7513	date:	2024-08-14T20:15:13.013