PatchSiren cyber security CVE debrief
CVE-2024-45823 Rockwell Automation CVE debrief
An authentication bypass vulnerability in Rockwell Automation FactoryTalk Batch View (versions ≤2.01.00) allows threat actors to impersonate users by exploiting shared secrets across accounts. The vulnerability requires the attacker to enumerate additional authentication information to achieve impersonation. The CVSS 3.1 score of 8.1 (High) reflects significant impact potential with network attack vector, high attack complexity, no privileges required, and high impacts to confidentiality, integrity, and availability. Rockwell Automation has released version 3.00.00 to remediate this issue.
- Vendor
- Rockwell Automation
- Product
- FactoryTalk Batch View
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-09-12
- Original CVE updated
- 2024-09-12
- Advisory published
- 2024-09-12
- Advisory updated
- 2024-09-12
Who should care
Organizations operating Rockwell Automation FactoryTalk Batch View in industrial environments, particularly those in manufacturing, process control, and critical infrastructure sectors where batch process visualization and control are essential. Security teams responsible for OT/ICS security, identity and access management administrators, and compliance officers overseeing industrial cybersecurity frameworks should prioritize this remediation.
Technical summary
The vulnerability exists in FactoryTalk Batch View versions 2.01.00 and earlier due to shared secrets across user accounts. An unauthenticated threat actor with the ability to enumerate required authentication information can leverage these shared secrets to impersonate legitimate users. The attack complexity is rated HIGH, indicating that successful exploitation requires additional effort beyond basic network access. The vulnerability has been addressed in FactoryTalk Batch View version 3.00.00, which eliminates the shared secret authentication weakness.
Defensive priority
HIGH
Recommended defensive actions
- Update FactoryTalk Batch View to version 3.00.00 or later to remediate the authentication bypass vulnerability.
- Review authentication configurations for shared secret usage across accounts and eliminate any remaining instances.
- Implement network segmentation for industrial control systems to limit exposure of FactoryTalk Batch View interfaces.
- Apply defense-in-depth strategies per CISA ICS recommended practices for industrial control system security.
- Monitor for anomalous authentication attempts or user impersonation indicators in FactoryTalk Batch View logs.
Evidence notes
Vulnerability disclosed via CISA ICS advisory ICSA-24-256-22. Authentication bypass stems from shared secrets across accounts in FactoryTalk Batch View ≤2.01.00. Vendor fix available in version 3.00.00.
Official resources
-
CVE-2024-45823 CVE record
CVE.org
-
CVE-2024-45823 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-09-12