Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-6325— Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services

EPSS 0.04% · P13
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-6325

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services
Source: NVD (National Vulnerability Database)
Vulnerability Description
The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权管理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rockwell Automation FactoryTalk Policy Manager 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rockwell Automation FactoryTalk Policy Manager是美国罗克韦尔(Rockwell Automation)公司的一个策略管理器。 Rockwell Automation FactoryTalk Policy Manager 6.40版本存在安全漏洞,该漏洞源于允许私钥以不安全的方式存储,导致攻击者可冒充安全网络上的资源。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Rockwell AutomationFactoryTalk® System Services (installed via FTPM) 6.40 -
Rockwell AutomationFactoryTalk® Policy Manager (FTPM) v6.40 -

II. Public POCs for CVE-2024-6325

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-6325

登录查看更多情报信息。

Same Patch Batch · Rockwell Automation · 2024-07-16 · 4 CVEs total

CVE-2024-6435Rockwell Automation Privilege Escalation Vulnerability in Pavilion8®
CVE-2024-6326Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services
CVE-2024-6089Rockwell Automation Major nonrecoverable fault in 5015 – AENFTXT

IV. Related Vulnerabilities

Same product: FactoryTalk® System Services (installed via FTPM)
Same vendor: Rockwell Automation
Same weakness: CWE-269

V. Comments for CVE-2024-6325

No comments yet

Leave a comment