Rockwell Automation FactoryTalk® View SE Vulnerability Could Lead to Data Exposure and Modification
CVE-2024-4609

9.8CRITICAL

Key Information:

Vendor: Rockwell Automation
Status: Factorytalk® View Se
Vendor: CVE Published:; 16 May 2024

Summary

A vulnerability in Rockwell Automation's FactoryTalk® View SE Datalog function allows attackers to inject malicious SQL statements into the system. This can occur if the SQL database lacks authentication or if legitimate credentials are compromised. Exploiting this vulnerability may lead to the exposure of sensitive information and potentially allow attackers to modify or delete data in a remote database. It is important to note that the impact of the attack would only affect the HMI design environment, not the runtime operations.

Affected Version(s)

FactoryTalk® View SE <14

References

https://www.rockwellautomation.com/en-us/support/advisory...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
May 7, 2024