Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-6326

Summary
Assigner-Rockwell
Assigner Org ID-b73dd486-f505-4403-b634-40b078b177f0
Published At-16 Jul, 2024 | 16:51
Updated At-01 Aug, 2024 | 21:33
Rejected At-
Credits

Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services

An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Rockwell
Assigner Org ID:b73dd486-f505-4403-b634-40b078b177f0
Published At:16 Jul, 2024 | 16:51
Updated At:01 Aug, 2024 | 21:33
Rejected At:
▼CVE Numbering Authority (CNA)
Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services

An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network.

Affected Products
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
FactoryTalk® System Services (installed via FTPM)
Default Status
unaffected
Versions
Affected
  • v6.40
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
FactoryTalk® Policy Manager (FTPM)
Default Status
unaffected
Versions
Affected
  • v6.40
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
4.01.8LOW
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Version: 4.0
Base score: 1.8
Base severity: LOW
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-122CAPEC-122 Privilege Abuse
CAPEC ID: CAPEC-122
Description: CAPEC-122 Privilege Abuse
Solutions

Users using the affected software are encouraged to implement the following steps to invalidate the existing vulnerable private keys/digital certificates and regenerate new secure ones. Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html
N/A
Hyperlink: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html
x_transferred
Hyperlink: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:PSIRT@rockwellautomation.com
Published At:16 Jul, 2024 | 17:15
Updated At:23 Sep, 2024 | 17:02

An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.01.8LOW
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 1.8
Base severity: LOW
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Rockwell Automation, Inc.
rockwellautomation
>>factorytalk_policy_manager>>6.40.0
cpe:2.3:a:rockwellautomation:factorytalk_policy_manager:6.40.0:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>factorytalk_system_services>>6.40.0
cpe:2.3:a:rockwellautomation:factorytalk_system_services:6.40.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-276Primarynvd@nist.gov
CWE-269SecondaryPSIRT@rockwellautomation.com
CWE ID: CWE-276
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-269
Type: Secondary
Source: PSIRT@rockwellautomation.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.htmlPSIRT@rockwellautomation.com
Mitigation
Vendor Advisory
Hyperlink: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html
Source: PSIRT@rockwellautomation.com
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

107Records found
CVE-2024-51765
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.70%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 21:42
Updated-19 Nov, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-Cray System Management Softwarecray_system_management_software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-3155
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-3.8||LOW
EPSS-0.04% / 10.89%
||
7 Day CHG~0.00%
Published-17 Feb, 2022 | 22:15
Updated-03 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
snapd created ~/snap with too-wide permissions

snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

Action-Not Available
Vendor-Canonical Ltd.
Product-snapdubuntu_linuxsnapd
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-44135
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.94%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:23
Updated-19 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-1258
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.78%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:17
Updated-12 Nov, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.McAfee, LLCMicrosoft Corporation
Product-agent_epolicy_orchestrator_extensionwindowsanyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-264
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-0381
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.65%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 16:09
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153466381

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-29962
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.04%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 04:15
Updated-04 Feb, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure file permission setting that makes files world-readable

Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary.

Action-Not Available
Vendor-Broadcom Inc.Brocade Communications Systems, Inc. (Broadcom Inc.)
Product-brocade_sannavBrocade SANnavsannav
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-6668
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.36%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 21:47
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5 may allow unprivileged users to access files owned by root.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_access_policy_managerBIG-IP APM Edge Client
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found