

Severity
High
Analysis Summary
CVE-2024-10944 CVSS:8.4
Improper input validation in Rockwell Automation FactoryTalk Updater could allow a remote authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
CVE-2024-10943 CVSS:9.1
The use of shared secrets across accounts in Rockwell Automation FactoryTalk Updater could allow a remote attacker to bypass security restrictions. By sending a specially crafted request, an attacker could exploit this vulnerability to impersonate a user.
CVE-2024-6068 CVSS:7.3
A memory corruption flaw in Rockwell Automation Arena Input Analyzer could allow a local authenticated attacker to execute arbitrary code on the system. When the application parses a specially crafted DFT file, an attacker could exploit this vulnerability to execute arbitrary code and obtain sensitive information on the system.
CVE-2024-10945 CVSS:7.3
Improper security checks before installation in Rockwell Automation FactoryTalk Updater could allow a local authenticated attacker to gain elevated privileges on the system. By replacing a file with a specially crafted one, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Security Bypass
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-10944
- CVE-2024-10943
- CVE-2024-6068
- CVE-2024-10945
Affected Vendors
- Rockwell Automation
Affected Products
- Rockwell Automation FactoryTalk Updater - 4.00.00
- Rockwell Automation Arena Input Analyzer - 16.20.03
Remediation
Refer to the Rockwell Automation security advisory for patch, upgrade, or suggested workaround information.