CVE-2024-4609
published 2024-05-16CVE-2024-4609: A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if…
PriorityP353critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.65%
46.6th percentile
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | factorytalk_view_se | — | — |
| rockwellautomation | factorytalk_view | < 11.0 | 11.0 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.8HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qwjm-p7qm-cgm9: A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL stat
ghsa_unreviewed·2024-05-16
CVE-2024-4609 [HIGH] CWE-20 GHSA-qwjm-p7qm-cgm9: A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL stat
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.
CISA ICS
Rockwell Automation FactoryTalk View SE
cisa_ics·2024-05-16·CVSS 8.8
[HIGH] Rockwell Automation FactoryTalk View SE
ICS Advisory
##
Rockwell Automation FactoryTalk View SE
Release DateMay 16, 2024
Alert CodeICSA-24-137-14
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk View SE
- Vulnerability: Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to inject a malicious SQL statement in the SQL database, resulting in expose sensitive information.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Rockwell Automation's FactoryTalk View SE, monitoring software, are affected:
- FactoryTalk View SE: Versions prior to 14.0
## 3.2 Vulnerability Overview
## 3.2.1 IMPROPER INPUT
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-05-16
Published