CVE-2024-37367: Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction
First published: Fri Jun 14 2024(Updated: )
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification.
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Factorytalk View | >=12.0<14.0 |
Remedy
* Corrected in software version v14.0. * Users using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. * It is recommended that users enforce proper access controls within the network and segment networks containing sensitive information using IPSec: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1090456 * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/title
- agent/weakness
- agent/references
- agent/remedy
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- vendor/rockwellautomation
- canonical/rockwellautomation factorytalk view
- version/rockwellautomation factorytalk view/12.0