cvedb.io
CVE-2024-6326
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2024-07-16T17:15:12.117 · Last modified 2026-06-17T08:17:47.077

Summary

An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network.

Affected products

rockwellautomation — factorytalk_policy_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when rockwellautomation ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.