PT-2024-4262 · Rockwell Automation · Rockwell Automation FactoryTalk View SE

Published: 2024-06-13 · Updated: 2024-08-16

CVE-2024-37367

CVSS v4.0: 8.2 (High)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Rockwell Automation FactoryTalk View SE version v12

Description

The issue is related to weaknesses in the authentication procedure of the Rockwell Automation FactoryTalk View SE software. This allows a remote attacker to potentially disclose protected information by sending a packet to the customer's server to view an HMI project without proper authentication verification.

Recommendations

For Rockwell Automation FactoryTalk View SE version v12, consider restricting access to the HMI project viewing functionality until a proper fix is applied to ensure authentication verification is properly enforced. As a temporary workaround, limit the ability of remote systems with FTView to send packets to the customer's server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2024-04749
CVE-2024-37367

Affected Products

Rockwell Automation FactoryTalk View SE