A remote code execution vulnerability exists in the affected\nproduct. The vulnerability allows users to save projects within the public\ndirectory allowing anyone with local access to modify and/or delete files. Additionally,\na malicious user could potentially leverage this vulnerability to escalate\ntheir privileges by changing the macro to execute arbitrary code.
"}],"value":"A remote code execution vulnerability exists in the affected\nproduct. The vulnerability allows users to save projects within the public\ndirectory allowing anyone with local access to modify and/or delete files. Additionally,\na malicious user could potentially leverage this vulnerability to escalate\ntheir privileges by changing the macro to execute arbitrary code."}],"impacts":[{"capecId":"CAPEC-242","descriptions":[{"lang":"en","value":"CAPEC-242 Code Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.3,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":7,"baseSeverity":"HIGH","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"PASSIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"b73dd486-f505-4403-b634-40b078b177f0","shortName":"Rockwell","dateUpdated":"2024-11-12T14:52:55.556Z"},"references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1709.html"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade to Version 15"}],"value":"Upgrade to Version 15"}],"source":{"discovery":"INTERNAL"},"title":"FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"· \nTo enhance security and\nprevent unauthorized modifications to HMI project files, harden the Windows OS\nby removing the INTERACTIVE group from the folder’s\nsecurity properties.
\n\n· \nAdd specific users or user\ngroups and assign their permissions to this folder using the least privileges\nprinciple. Users with read-only permission can still test run and run the\nFactoryTalk View ME Station.
\n\n· \nGuidance can be found in\nFactoryTalk View ME v14 Help topic: “HMI projects folder settings”. It can be opened through\nFactoryTalk View ME Studio menu “help\\Contents\\FactoryTalk View ME Help\\Create\na Machine Edition application->Open applications->HMI project folder settings”. Security\nBest Practices
\n\n\n\n\n\n