PatchSiren cyber security CVE debrief
CVE-2024-37367 Rockwell Automation CVE debrief
A user authentication vulnerability in Rockwell Automation FactoryTalk View SE allows remote, unauthenticated access to HMI projects. A remote attacker with FTView can send a crafted packet to a customer's server to view an HMI project without proper authentication verification. The vulnerability affects FactoryTalk View SE version 12.0. Rockwell Automation has corrected this issue in version 14.0 and later.
- Vendor
- Rockwell Automation
- Product
- FactoryTalk View SE
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-06-13
- Original CVE updated
- 2024-06-13
- Advisory published
- 2024-06-13
- Advisory updated
- 2024-06-13
Who should care
Organizations operating Rockwell Automation FactoryTalk View SE v12.0 for industrial HMI visualization, particularly in critical infrastructure sectors including manufacturing, energy, water treatment, and other industrial environments where unauthorized access to operational technology interfaces could impact safety, production continuity, or sensitive process data confidentiality.
Technical summary
CVE-2024-37367 is an authentication bypass vulnerability in Rockwell Automation FactoryTalk View SE version 12.0. The vulnerability stems from improper authentication verification when processing remote requests. A remote attacker with FTView installed can send a network packet to a target server to view HMI projects without providing valid credentials. The attack vector is network-based, requires low attack complexity, no privileges, and no user interaction. The vulnerability has a HIGH severity CVSS 3.1 score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N), indicating significant confidentiality impact with scope change. Successful exploitation exposes sensitive HMI project data to unauthorized remote parties. Remediation is available through upgrade to version 14.0 or later, with compensating controls including network segmentation and IPSec implementation for environments where immediate patching is not possible.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade FactoryTalk View SE to version 14.0 or later to address the authentication bypass vulnerability.
- If immediate upgrade is not feasible, enforce proper network access controls and segment networks containing sensitive HMI information using IPSec.
- Apply Rockwell Automation security best practices for industrial control systems.
- Review and implement CISA ICS recommended practices for defense-in-depth strategies.
- Monitor network traffic for unauthorized access attempts to FactoryTalk View SE servers.
Evidence notes
CISA ICS advisory ICSA-24-165-16 published 2024-06-13 confirms the authentication bypass vulnerability in FactoryTalk View SE v12.0, with remediation available in v14.0+.
Official resources
-
CVE-2024-37367 CVE record
CVE.org
-
CVE-2024-37367 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-06-13