Remote User Authentication Vulnerability in FactoryTalk® View SE v12 Allows Unauthorized Access to HMI Projects
CVE-2024-37367

7.5HIGH

Key Information:

Vendor: Rockwell Automation
Status: Factorytalk® View Se
Vendor: CVE Published:; 14 June 2024

Summary

A user authentication vulnerability exists in Rockwell Automation's FactoryTalk® View SE v12, allowing unauthorized access to HMI projects. A remote system leveraging the FTView protocol can send packets to the customer’s server, enabling the viewing of sensitive project data without appropriate authentication checks. This flaw highlights the need for stricter security measures to protect industrial automation environments from unauthorized access and potential exploitation.

Affected Version(s)

FactoryTalk® View SE v12

References

https://https://www.rockwellautomation.com/en-us/trust-ce...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Jun 6, 2024