CVE-2017-6015 in Automation FactoryTalk Activation

Summary

by MITRE

Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later.
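To make the ambiguity concrete, the following added example (not part of the VulDB entry or of Rockwell Automation's software) audits service command lines for unquoted paths containing whitespace and lists the truncated names Windows may try before the intended executable. The service names and paths are constructed placeholders, not the real FactoryTalk Activation install path, and the code assumes the intended executable ends in `.exe`.

```python
import ntpath
import re

# Constructed sample data: service name -> ImagePath value. These are
# hypothetical paths, not the real FactoryTalk Activation install path.
SAMPLE_SERVICES = {
    "ExampleLicensing": r"C:\Program Files\Example Vendor\Licensing Service\svc.exe -run",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Licensing Service\svc.exe" -run',
    "ExampleNoSpace": r"C:\Windows\System32\svc.exe -k netsvcs",
}

def ambiguous_candidates(command_line):
    """List the paths Windows may try before the intended executable when
    command_line is unquoted and its path contains whitespace."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        return []  # quoted: the path ends at the closing quote
    # Assumption: the intended executable ends in ".exe"; the rest is arguments.
    m = re.search(r"\.exe(?=\s|$)", cmd, re.IGNORECASE)
    exe_path = cmd[:m.end()] if m else cmd
    candidates = []
    for i, ch in enumerate(exe_path):
        if ch not in " \t":
            continue
        prefix = exe_path[:i].rstrip()
        if not prefix:
            continue
        # Each whitespace is a possible end of the program name; ".exe" is
        # appended when that truncated name has no extension of its own.
        if "." not in ntpath.basename(prefix):
            prefix += ".exe"
        if prefix not in candidates:
            candidates.append(prefix)
    return candidates

def audit(services):
    """Return {service: candidate paths} for entries that need quoting."""
    findings = {}
    for name, image_path in services.items():
        extra = ambiguous_candidates(image_path)
        if extra:
            findings[name] = extra
    return findings

if __name__ == "__main__":
    for name, paths in audit(SAMPLE_SERVICES).items():
        print(name, "is unquoted; verify unprivileged users cannot create:")
        for p in paths:
            print("   ", p)
```

Any service this flags should have its path quoted, and the listed locations should be checked for write access by non-administrative users.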


Reserved

16/02/2017

Disclosure

11/05/2018

Moderation

accepted

Entry

VDB-117628

CPE

ready

EPSS

0.00054

KEV

no

Activities

very low
