CVE-2024-37368
Published 2024-06-14
CVE-2024-37368: A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to…
Priority: P3 · 47 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.50% (38.9th percentile)
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_view_se | — | — |
| rockwellautomation | factorytalk_view | >= 11.0 < 14.0 | 14.0 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v4.0 | 8.2 | HIGH | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-9m53-r2vf-94rw: A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE
ghsa_unreviewed·2024-06-14
CVE-2024-37368 [HIGH] CWE-287 GHSA-9m53-r2vf-94rw: A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE
CISA ICS
Rockwell Automation FactoryTalk View SE
cisa_ics·2024-06-13·CVSS 8.2
[HIGH] Rockwell Automation FactoryTalk View SE
ICS Advisory
## Rockwell Automation FactoryTalk View SE
Release Date: June 13, 2024
Alert Code: ICSA-24-165-18
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk View SE
- Vulnerability: Improper Authentication
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a user from a remote system with FTView to view an HMI project.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Rockwell Automation reports that the following versions of FactoryTalk Software are affected:
- FactoryTalk View SE: v11.0
## 3.2 Vulnerability Overview
## 3.2.1 I
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-06-14