PT-2024-3630 · Rockwell Automation · FactoryTalk View SE

Published: 2024-05-16 · Updated: 2025-01-30 · CVE-2024-4609

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk View SE, Datalog function
Description: A threat actor could inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. This could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.
Recommendations: To resolve the issue, ensure that the SQL database has proper authentication in place and protect legitimate credentials from being stolen. Implementing secure authentication mechanisms for the SQL database will help prevent malicious SQL statement injection.

Fix

SQL injection

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-03951
CVE-2024-4609

Affected Products

FactoryTalk View SE