The part number 5069-L46ERMW refers to the Rockwell Automation FactoryTalk Remote Access (FTRA) product, which is a software solution for remote access and management of industrial control systems. The product is affected by a vulnerability, CVE-2024-3640, that allows for remote code execution if exploited. The vulnerability has a base score of 6.5/10 under CVSS 3.1 and 7.0/10 under CVSS 4.0.
The vulnerability arises from an unquoted executable path in the FTRA installer package, which could allow a threat actor to place a malicious executable on that path and have it run as a System user if they have admin privileges. This vulnerability is categorized under CWE-428: Unquoted Search Path or Element.
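
As an added illustration of the CWE-428 condition described above (not code from Rockwell Automation or the advisory), the following Python audit flags unquoted executable paths containing spaces in service command lines exported from a Windows host, lists the earlier locations Windows would try so their existence and ACLs can be checked, and shows the quoted form. The sample paths and all function names are hypothetical and constructed for this example.

```python
import re

# Constructed sample ImagePath values (hypothetical; not from the FTRA installer).
SAMPLE_IMAGE_PATHS = {
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Remote Agent\agent.exe" --service',
    "ExampleUnquoted": r'C:\Program Files\Example Vendor\Remote Agent\agent.exe --service',
    "ExampleNoSpaces": r'C:\Windows\System32\svchost.exe -k netsvcs',
}

# End of the executable token in an unquoted command line.
_EXE_END = re.compile(r'\.(exe|com|bat|cmd)(?=\s|$)', re.IGNORECASE)

def executable_part(image_path):
    """Return the executable portion of a command line, without arguments."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[:end + 1] if end != -1 else s
    m = _EXE_END.search(s)
    return s[:m.end()] if m else s

def is_unquoted_with_spaces(image_path):
    """CWE-428 condition: executable path contains a space and is not quoted."""
    exe = executable_part(image_path)
    return not exe.startswith('"') and ' ' in exe

def ambiguous_candidates(image_path):
    """Paths Windows tries before the intended one when the path is unquoted.
    Each space-delimited prefix is tried with '.exe' appended."""
    if not is_unquoted_with_spaces(image_path):
        return []
    exe = executable_part(image_path)
    return [exe[:i] + '.exe' for i, ch in enumerate(exe) if ch == ' ']

def quoted_form(image_path):
    """Return the command line with the executable path quoted (the fix)."""
    s = image_path.strip()
    exe = executable_part(s)
    return s if exe.startswith('"') else '"' + exe + '"' + s[len(exe):]

def audit(image_paths):
    """Map each flagged entry name to the locations to check and the fix."""
    return {name: {"check": ambiguous_candidates(p), "fix": quoted_form(p)}
            for name, p in image_paths.items() if is_unquoted_with_spaces(p)}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_IMAGE_PATHS).items():
        print(name, finding)
```

Only the unquoted sample entry is reported; the quoted entry and the path without spaces pass the check.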
To mitigate this vulnerability, users are encouraged to apply security best practices, such as keeping software up to date with the latest versions. The affected software versions are v13.5.0.174 and earlier, and users are advised to upgrade to v13.6 or later to resolve the issue.
Additionally, users can use the Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization for the vulnerability, and they can access CVE information in Vulnerability Exploitability Exchange (VEX) format to automate vulnerability management and tracking activities.