PT-2024-27502 · Rockwell Automation · Rockwell Automation FactoryTalk View Machine Edition

Published: 2024-11-12 · Updated: 2024-11-12 · CVE-2024-37365

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Rockwell Automation FactoryTalk View Machine Edition V14

Description

A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory, allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code.

Recommendations

For Rockwell Automation FactoryTalk View Machine Edition V14, patch immediately and validate input to prevent potential system compromise. As a temporary workaround, consider restricting access to the public directory to minimize the risk of exploitation. Avoid using macros that could potentially execute arbitrary code until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2024-37365

Affected Products

Rockwell Automation FactoryTalk View Machine Edition