CVSS 3.1 Score 9.0 of 10 (high)


Published Feb 16, 2024
CWE ID 732


CVE-2024-21915 is a privilege escalation vulnerability affecting Rockwell Automation FactoryTalk® Service Platform (FTSP). This vulnerability allows a malicious user with basic user group privileges to gain FTSP Administrator Group privileges. Exploiting this vulnerability could enable the threat actor to read and modify sensitive data, delete data, and potentially render the FTSP system unavailable. The vulnerability has a base severity rating of CRITICAL with a CVSS score of 9.0. It requires no privileges and no user interaction to exploit, and the attack vector is through the network. The integrity and confidentiality impacts are assessed as HIGH, while the availability impact is also rated as HIGH. It is recommended to apply appropriate patches or updates provided by Rockwell Automation to mitigate this vulnerability.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-21915 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options