← back
CVE-2017-6015

CVE-2017-6015

EPSS 0.7%CWE-428
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later.
Affected products
Rockwell Automation · FactoryTalk Activation

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ics-cert.us-cert.gov/advisories/ICSA-17-047-02https://rockwellautomation.custhelp.com/app/answers/detail/a_id/939382http://www.securityfocus.com/bid/96996