PatchSiren cyber security CVE debrief
CVE-2024-37369 Rockwell Automation CVE debrief
A privilege escalation vulnerability in Rockwell Automation FactoryTalk View SE allows low-privilege users to edit scripts while bypassing Access Control Lists (ACLs), potentially enabling further system access. The vulnerability affects FactoryTalk View SE version 12.0 and was corrected in version 14.0. The issue was published by CISA on June 13, 2024.
- Vendor: Rockwell Automation
- Product: FactoryTalk View SE
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-06-13
- Original CVE updated: 2024-06-13
- Advisory published: 2024-06-13
- Advisory updated: 2024-06-13
Who should care
Organizations operating Rockwell Automation FactoryTalk View SE in industrial environments, particularly manufacturing, energy, and critical infrastructure sectors. Security teams responsible for OT/ICS security, system administrators managing HMI/SCADA deployments, and compliance officers overseeing industrial cybersecurity frameworks should prioritize this vulnerability due to its HIGH severity rating and potential for privilege escalation in control system environments.
Technical summary
The vulnerability exists in FactoryTalk View SE's script editing functionality, where insufficient access controls allow low-privilege users to modify scripts despite ACL restrictions. This bypass enables unauthorized code execution within the context of the application, potentially leading to further privilege escalation or system compromise. The attack vector is local: it requires authenticated access but no user interaction, so any user holding low-privilege credentials on the host can exploit it.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to FactoryTalk View SE version 14.0 or later to obtain the correction for this vulnerability
- If unable to upgrade immediately, apply risk mitigations as recommended by Rockwell Automation
- Use the Secure Install option when installing FactoryTalk Services Platform
- Follow Rockwell Automation security best practices for industrial control systems
- Review and enforce principle of least privilege for all FactoryTalk View SE user accounts
- Monitor for unauthorized script modifications in FactoryTalk View SE environments
- Apply network segmentation to limit lateral movement if compromise occurs
Evidence notes
CISA CSAF advisory ICSA-24-165-17 identifies FactoryTalk View SE v12.0 as affected and confirms correction in v14.0. CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H indicates local attack vector with low attack complexity, requiring low privileges but no user interaction, with high impact on confidentiality, integrity, and availability.
Official resources
- CVE-2024-37369 CVE record (CVE.org)
- CVE-2024-37369 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-06-13