CVE-2024-6325 — MEDIUM (6.5)

Vulnerability Description

The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Rockwellautomation	Factorytalk Policy Manager	6.40.0

Related Weaknesses (CWE)

CWE-269 CWE-276

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisoMitigationVendor Advisory
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisoMitigationVendor Advisory

FAQ

What is CVE-2024-6325?

CVE-2024-6325 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 h...

How severe is CVE-2024-6325?

CVE-2024-6325 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-6325?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Factorytalk Policy Manager.