CVE-2017-6015

Name: CVE-2017-6015
Creator: NVD / NIST
Published: 2018-05-11T13:29:00.297+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.71%

Last modified Jun 17, 2026

CVE-2017-6015 is a vulnerability of currently unknown severity. Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. EPSS estimates a 0.71% chance of exploitation in the next 30 days.

Description

Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later.

Metrics

EPSS Probability

0.71%

48.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Rockwellautomation	Factorytalk Activation	<= 4.00.02

References

http://www.securityfocus.com/bid/96996Third Party Advisory, VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-047-02Third Party Advisory, US Government Resource
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/939382Permissions Required, Vendor Advisory
http://www.securityfocus.com/bid/96996Third Party Advisory, VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-047-02Third Party Advisory, US Government Resource
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/939382Permissions Required, Vendor Advisory

Timeline

Published: May 11, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-6015?

How severe is CVE-2017-6015?

Severity scoring for CVE-2017-6015 is pending analysis. The EPSS model estimates a 0.71% probability of exploitation in the next 30 days.

How do I fix CVE-2017-6015?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-6015?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST