CVE-2024-6325

Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services

Description

The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html) and CVE-2022-1161 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html) by implementing CIP security and did not update to the versions of the software CVE-2022-1161 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html) and CVE-2022-1161 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html).

Remediation

Solution:

  • Users of the affected software are encouraged to follow the steps in the vendor's Security Best Practices guidance to invalidate the existing vulnerable private keys/digital certificates and regenerate new, secure ones: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight

CVSS: 6.0 (Severity: Medium)
EPSS: 0.03%
Vendor Advisory: rockwellautomation.com
Affected: Rockwell Automation FactoryTalk® System Services (installed via FTPM)
Affected: Rockwell Automation FactoryTalk® Policy Manager (FTPM)

Frequently Asked Questions

What is the severity of CVE-2024-6325?
CVE-2024-6325 has been scored as a medium severity vulnerability.
How to fix CVE-2024-6325?
To fix CVE-2024-6325: Users of the affected software are encouraged to follow the steps in the vendor's Security Best Practices guidance to invalidate the existing vulnerable private keys/digital certificates and regenerate new, secure ones: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight
Is CVE-2024-6325 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2024-6325 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-6325?
CVE-2024-6325 affects Rockwell Automation FactoryTalk® System Services (installed via FTPM), Rockwell Automation FactoryTalk® Policy Manager (FTPM).
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.