CVE-2024-37369
published 2024-06-14CVE-2024-37369: A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control…
PriorityP354high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.33%
25.1th percentile
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_view_se | — | — |
| rockwellautomation | factorytalk_view | >= 12.0 < 14.0 | 14.0 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.5HIGHCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Rockwell Automation FactoryTalk View SE
cisa_ics·2024-06-13·CVSS 8.5
[HIGH] Rockwell Automation FactoryTalk View SE
ICS Advisory
##
Rockwell Automation FactoryTalk View SE
Release DateJune 13, 2024
Alert CodeICSA-24-165-17
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.5
- ATTENTION: Low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk View SE
- Vulnerability: Incorrect Permission Assignment for Critical Resource
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow low-privilege users to edit scripts, bypassing access control lists, and potentially gain further access within the system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Rockwell Automation reports that the following versions of FactoryTalk Software are affected:
-
GHSA
GHSA-h63q-g6ff-v833: A privilege escalation vulnerability exists in the affected product
ghsa_unreviewed·2024-06-14
CVE-2024-37369 [HIGH] CWE-732 GHSA-h63q-g6ff-v833: A privilege escalation vulnerability exists in the affected product
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-06-14
Published