CVE-2017-6015 in Automation FactoryTalk Activation情報

要約

〜によって MITRE

Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

予約する

2017年02月16日

公開

2018年05月11日

モデレーション

承諾済み

エントリ

VDB-117628

CPE

準備完了

CWE

CWE-264 (確認済み)

CVSS

7.8 (NVD)

EPSS

0.00054

KEV

いいえ

アクティビティ

非常低い

セクター

Transportation, Energy, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-6015
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-6015
CVE Details	https://www.cvedetails.com/cve/CVE-2017-6015/

◂ 前概要次 ▸

Do you need the next level of professionalism?

Upgrade your account now!