TROYANOSYVIRUS
Retour aux CVEs

CVE-2019-25276

HIGH
7.8

Description

Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\ to inject malicious code that would execute with LocalSystem permissions.

Details CVE

Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie2/5/2026
Derniere modification2/5/2026
Sourcenvd
Observations honeypot0

Faiblesses (CWE)

CWE-428

References

https://www.exploit-db.com/exploits/47676(disclosure@vulncheck.com)
https://www.rockwellautomation.com/en_NA/overview.page(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/studio-logix-designer-factorytalk-activation-service-unquoted-service-path(disclosure@vulncheck.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.