Ambiguous File Path Vulnerability in Rockwell Automation FactoryTalk Activation Version 4.00.02

Ambiguous File Path Vulnerability in Rockwell Automation FactoryTalk Activation Version 4.00.02

CVE-2017-6015 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later.

Learn more about our User Device Pen Test.