Rockwell Automation FactoryTalk View SE Local Code Injection Vulnerability
Vulnerability
A local code injection vulnerability has been identified in Rockwell Automation's FactoryTalk View Site Edition versions prior to 15.0. This vulnerability arises from incorrect default permissions, allowing DLLs to be executed with elevated privileges.
Impact
Exploitation of this vulnerability could lead to unauthorized code execution with higher-level permissions, potentially allowing malicious actors to manipulate the system or application in unintended ways.
Remediation
Users are advised to upgrade to version 15.0 or apply the patch available for versions 12, 13, and 14. For version 14, refer to Answer ID 1152306. Additionally, check the environment variables to ensure the FactoryTalk View SE installation path is prioritized before others.
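One way to carry out the environment-variable check above, as an added example that is not Rockwell Automation's code and goes slightly beyond the advisory: it lists machine PATH entries searched before the FactoryTalk View SE directory and flags any that are missing or writable by broad groups. It assumes the variable in question is the machine-level PATH; the install directory default is a placeholder, and the set of groups treated as broad is an assumption.

```powershell
# Added example: audit the machine PATH order on a FactoryTalk View SE host.
param(
    # Placeholder: replace with the real FactoryTalk View SE install directory.
    [string]$InstallDir = 'C:\PLACEHOLDER\FactoryTalk View SE'
)

function Get-NormalizedDir([string]$Path) {
    $p = [Environment]::ExpandEnvironmentVariables($Path).Trim().Trim('"').TrimEnd('\').ToLowerInvariant()
    if ($p -match '^[a-z]:$') { "$p\" } else { $p }   # keep drive roots as 'c:\'
}

# The machine-level PATH is what services and elevated processes inherit.
$raw     = [Environment]::GetEnvironmentVariable('Path', 'Machine')
$entries = @($raw -split ';' | Where-Object { $_.Trim() } | ForEach-Object { Get-NormalizedDir $_ })
$index   = [Array]::IndexOf($entries, (Get-NormalizedDir $InstallDir))
if ($index -lt 0) {
    Write-Warning "Install directory is not in the machine PATH: $InstallDir"
    $index = $entries.Count   # nothing is prioritized, so review every entry
}

# Assumption: these well-known SIDs are the groups considered too broad.
$broadSids   = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'  # Everyone, Authenticated Users, BUILTIN\Users
$writeBits   = 0x2 -bor 0x4                            # CreateFiles, AppendData
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

$findings = for ($i = 0; $i -lt $index; $i++) {
    $dir = $entries[$i]
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        [pscustomobject]@{ Position = $i; Directory = $dir; Issue = 'directory does not exist' }
        continue
    }
    $acl = Get-Acl -LiteralPath $dir
    foreach ($rule in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        $appliesToDir = ([int]$rule.PropagationFlags -band $inheritOnly) -eq 0
        $grantsWrite  = ([int]$rule.FileSystemRights -band $writeBits) -ne 0
        if ($rule.AccessControlType -eq 'Allow' -and $appliesToDir -and $grantsWrite -and
            $broadSids -contains $rule.IdentityReference.Value) {
            [pscustomobject]@{ Position = $i; Directory = $dir; Issue = "writable by $($rule.IdentityReference.Value)" }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else {
    'No missing or broadly writable directory precedes the install directory.'
}
```

Run it from an elevated session so that every directory's ACL can be read; an empty result only covers the machine PATH, not per-user PATH values.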
