PT-2024-4254 · Rockwell Automation · Rockwell Automation FactoryTalk View SE

Published 2024-06-13 · Updated 2024-06-20 · CVE-2024-37368

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Rockwell Automation FactoryTalk View SE (affected versions not specified)

Description

The issue stems from weaknesses in the authentication procedure of Rockwell Automation FactoryTalk View SE, which allow a remote attacker to bypass existing security restrictions. Specifically, because authentication is not properly enforced, a user on a remote system with FTView can send a packet to the customer's server and view an HMI project without proper authentication verification.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2024-04741
CVE-2024-37368

Affected Products

Rockwell Automation FactoryTalk View SE