FKIE_CVE-2024-6326

Vulnerability from fkie_nvd - Published: 2024-07-16 17:15 - Updated: 2024-11-21 09:49
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network.
References
PSIRT@rockwellautomation.comhttps://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.htmlMitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.htmlMitigation, Vendor Advisory
Impacted products
Vendor Product Version
rockwellautomation factorytalk_policy_manager 6.40.0
rockwellautomation factorytalk_system_services 6.40.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rockwellautomation:factorytalk_policy_manager:6.40.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "299FCB32-7567-4B8C-9F70-EB520975B67E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockwellautomation:factorytalk_system_services:6.40.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB55AB67-6380-45A9-8634-175C651AC333",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk\u00ae System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which\u00a0temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network."
    },
    {
      "lang": "es",
      "value": "Existe una exposici\u00f3n de vulnerabilidad de informaci\u00f3n confidencial en el servicio del sistema FactoryTalk\u00ae de Rockwell Automation. Un usuario malintencionado podr\u00eda aprovechar esta vulnerabilidad iniciando un proceso de copia de seguridad o restauraci\u00f3n, que expone temporalmente claves privadas, contrase\u00f1as, claves previamente compartidas y carpetas de bases de datos cuando se copian temporalmente en una carpeta provisional. Esta vulnerabilidad se debe a la falta de permisos expl\u00edcitos establecidos en la carpeta de respaldo. Si un usuario malintencionado obtiene claves privadas, podr\u00eda hacerse pasar por recursos en la red segura."
    }
  ],
  "id": "CVE-2024-6326",
  "lastModified": "2024-11-21T09:49:26.167",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 1.8,
          "baseSeverity": "LOW",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "NONE",
          "userInteraction": "ACTIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "PSIRT@rockwellautomation.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-16T17:15:12.117",
  "references": [
    {
      "source": "PSIRT@rockwellautomation.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html"
    }
  ],
  "sourceIdentifier": "PSIRT@rockwellautomation.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "PSIRT@rockwellautomation.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.