PatchSiren cyber security CVE debrief
CVE-2023-34348 Rockwell Automation CVE debrief
CVE-2023-34348 is a high-severity denial-of-service vulnerability affecting Rockwell Automation FactoryTalk Historian SE versions 9.0 and earlier. The vulnerability resides in the underlying AVEVA PI Server component, specifically the PI Message Subsystem. An unauthenticated remote attacker can exploit this flaw to crash the PI Message Subsystem, rendering FactoryTalk Historian SE unavailable and requiring a physical power cycle to restore service. The vulnerability was published on May 9, 2024, with a CVSS 3.1 score of 7.5 (HIGH), reflecting its network accessibility, low attack complexity, and no required privileges or user interaction. Rockwell Automation has released version 9.01 or higher to address this issue. Organizations should prioritize patching, as the unauthenticated nature of this vulnerability and its impact on industrial control system availability present significant operational risk.
- Vendor
- Rockwell Automation
- Product
- FactoryTalk Historian SE
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-01-18
- Original CVE updated
- 2024-01-18
- Advisory published
- 2024-01-18
- Advisory updated
- 2024-01-18
Who should care
Organizations operating Rockwell Automation FactoryTalk Historian SE in industrial environments, particularly those with external network connectivity or insufficient network segmentation. Critical infrastructure operators, manufacturing facilities, and energy sector deployments where historian availability is essential for operations monitoring and compliance reporting.
Technical summary
The vulnerability exists in the PI Message Subsystem of the AVEVA PI Server used by FactoryTalk Historian SE. An unauthenticated attacker can remotely trigger a crash of this subsystem, causing complete service unavailability. Recovery requires a power cycle, indicating the crash affects system stability beyond a simple service restart. The attack vector is network-based with low complexity, requiring no privileges or user interaction.
Defensive priority
high
Recommended defensive actions
- Upgrade FactoryTalk Historian SE to version 9.01 or higher as soon as feasible.
- Review network segmentation for FactoryTalk Historian SE deployments to limit exposure of PI Server components.
- Monitor for unexpected service unavailability or required power cycles that may indicate exploitation attempts.
- Consult Rockwell Automation's security article for additional vendor-specific guidance.
- Review AVEVA security bulletins AVEVA-2024-001 and AVEVA-2024-002 for related PI Server and AVEVA Edge product information.
Evidence notes
Vulnerability details sourced from CISA CSAF advisory ICSA-24-130-01. Affected product confirmed as FactoryTalk Historian SE versions 9.0 and earlier. Root cause identified as AVEVA PI Server PI Message Subsystem vulnerability. Remediation confirmed as upgrade to version 9.01 or higher.
Official resources
-
CVE-2023-34348 CVE record
CVE.org
-
CVE-2023-34348 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-05-09