cbcvebase.

Rockwellautomation Factorytalk View vulnerabilities

14 known vulnerabilities affecting rockwellautomation/factorytalk_view.

Total CVEs
14
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH7MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2023-2071P2CRITICALCVSS 9.8≤ 13.02023-09-12
CVE-2023-2071 [CRITICAL] CWE-20 CVE-2023-2071: Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies use Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to e
nvd
CVE-2025-9063P2CRITICALCVSS 9.8≤ 15.02025-10-14
CVE-2025-9063 [CRITICAL] CWE-287 CVE-2025-9063: An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs, and more.
nvd
CVE-2024-45824P2CRITICALCVSS 9.8≥ 12.0, ≤ 14.02024-09-12
CVE-2024-45824 [CRITICAL] CWE-77 CVE-2024-45824: CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerabil CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.
nvd
CVE-2025-9064P2CRITICALCVSS 9.1≤ 15.02025-10-14
CVE-2025-9064 [CRITICAL] CWE-287 CVE-2025-9064: A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthentic A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted.
nvd
CVE-2024-7513P3HIGHCVSS 8.8≥ 13.02024-08-14
CVE-2024-7513 [HIGH] CWE-732 CVE-2024-7513: CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerabili CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by account with elevated permissions.
nvd
CVE-2024-37369P3HIGHCVSS 8.8≥ 12.0, < 14.02024-06-14
CVE-2024-37369 [HIGH] CWE-732 CVE-2024-37369: A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-pr A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.
nvd
CVE-2024-4609P3CRITICALCVSS 9.8fixed in 11.02024-05-16
CVE-2024-4609 [CRITICAL] CWE-20 CVE-2024-4609: A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could a A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additio
nvd
CVE-2024-37368P3HIGHCVSS 7.5≥ 11.0, < 14.02024-06-14
CVE-2024-37368 [HIGH] CWE-287 CVE-2024-37368: A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vuln A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification.
nvd
CVE-2024-37367P3HIGHCVSS 7.5≥ 12.0, < 14.02024-06-14
CVE-2024-37367 [HIGH] CWE-287 CVE-2024-37367: A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification.
nvd
CVE-2024-37365P3HIGHCVSS 7.8v14.02024-11-12
CVE-2024-37365 [HIGH] CWE-20 CVE-2024-37365: A remote code execution vulnerability exists in the affected product. The vulnerability allows users A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbi
nvd
CVE-2020-14481P3HIGHCVSS 7.8≤ 9.0v10.02022-02-24
CVE-2020-14481 [HIGH] CWE-261 CVE-2020-14481: The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain c
nvd
CVE-2023-46289P3HIGHCVSS 7.5≥ 11.0, ≤ 13.02023-10-27
CVE-2023-46289 [HIGH] CWE-20 CVE-2023-46289: Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.
nvd
CVE-2024-21914P4MEDIUMCVSS 5.3fixed in 14.02024-03-25
CVE-2024-21914 [MEDIUM] CWE-400 CVE-2024-21914: A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product.
nvd
CVE-2020-14480P4MEDIUMCVSS 5.5≤ 9.0v10.02022-02-24
CVE-2020-14480 [MEDIUM] CWE-312 CVE-2020-14480: Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authent Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials.
nvd
Rockwellautomation Factorytalk View vulnerabilities | cvebase