Privilege Escalation Vulnerability Allows Low-Privilege Users to Bypass Access Control Lists
CVE-2024-37369

8.8HIGH

Key Information:

Vendor: Rockwell Automation
Status: Factorytalk® View Se
Vendor: CVE Published:; 14 June 2024

Summary

A privilege escalation vulnerability is present in Rockwell Automation software that enables low-privilege users to modify scripts. This exploit circumvents established Access Control Lists (ACLs), which may result in unauthorized access and actions within the system. The impact of this vulnerability can lead to severe security risks, as it allows attackers to gain elevated privileges and control over sensitive system functionalities.

Affected Version(s)

FactoryTalk® View SE 12.0

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Jun 6, 2024