CVE-2024-6326

An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html	Mitigation Vendor Advisory
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rockwellautomation:factorytalk_policy_manager:6.40.0:::::::*
	cpe:2.3:a:rockwellautomation:factorytalk_system_services:6.40.0:::::::*

History

No history.

Information

Published : 2024-07-16 17:15

Updated : 2024-11-21 09:49

NVD link : CVE-2024-6326

Mitre link : CVE-2024-6326

CVE.ORG link : CVE-2024-6326

JSON object : View

Products Affected

rockwellautomation

factorytalk_policy_manager
factorytalk_system_services

CWE

CWE-269

Improper Privilege Management

CWE-276

Incorrect Default Permissions

{"id": "CVE-2024-6326", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 1.8, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-16T17:15:12.117", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "PSIRT@rockwellautomation.com"}, {"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk\u00ae System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which\u00a0temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network."}, {"lang": "es", "value": "Existe una exposici\u00f3n de vulnerabilidad de informaci\u00f3n confidencial en el servicio del sistema FactoryTalk\u00ae de Rockwell Automation. Un usuario malintencionado podr\u00eda aprovechar esta vulnerabilidad iniciando un proceso de copia de seguridad o restauraci\u00f3n, que expone temporalmente claves privadas, contrase\u00f1as, claves previamente compartidas y carpetas de bases de datos cuando se copian temporalmente en una carpeta provisional. Esta vulnerabilidad se debe a la falta de permisos expl\u00edcitos establecidos en la carpeta de respaldo. Si un usuario malintencionado obtiene claves privadas, podr\u00eda hacerse pasar por recursos en la red segura."}], "lastModified": "2024-11-21T09:49:26.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_policy_manager:6.40.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "299FCB32-7567-4B8C-9F70-EB520975B67E"}, {"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_system_services:6.40.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB55AB67-6380-45A9-8634-175C651AC333"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}