{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-7513",
        "ASSIGNER": "PSIRT@rockwellautomation.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "CVE-2024-7513 IMPACT\n\nA code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                        "cweId": "CWE-732"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Rockwell Automation",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "FactoryTalk View Site Edition",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "13.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html",
                "refsource": "MISC",
                "name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "discovery": "INTERNAL"
    },
    "work_around": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<p>Customers using the affected software are encouraged to apply security best practices, if possible.</p><ul><li><p>Remove \u201cEveryone\u201d user group from read and write privileges by changing the FactoryTalk\u00ae View SE project folder permissions using the help guide. Detailed instructions are below. </p></li></ul><ul><li><p>Open FactoryTalk\u00ae View Studio -&gt; Help -&gt; FactoryTalk\u00ae View SE Help. I<span style=\"background-color: var(--wht);\">n the file -&gt; Security -&gt; \u201cHMI projects folder\u201d</span></p></li></ul>\n\n<br>"
                }
            ],
            "value": "Customers using the affected software are encouraged to apply security best practices, if possible.\n\n  *  Remove \u201cEveryone\u201d user group from read and write privileges by changing the FactoryTalk\u00ae View SE project folder permissions using the help guide. Detailed instructions are below. \n\n\n\n\n  *  Open FactoryTalk\u00ae View Studio -> Help -> FactoryTalk\u00ae View SE Help. In the file -> Security -> \u201cHMI projects folder\u201d"
        }
    ],
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "Upgrade to v14.0"
                }
            ],
            "value": "Upgrade to v14.0"
        }
    ]
}