CVE-2024-45824 Rockwell Automation CVE debrief

Who should care

Organizations operating Rockwell Automation FactoryTalk View Site Edition in manufacturing, critical infrastructure, and industrial environments. Security teams responsible for OT/ICS asset protection, plant engineers, and system integrators deploying FactoryTalk View should prioritize patching. Organizations with externally accessible HMI systems face elevated risk of unauthenticated exploitation.

Technical summary

CVE-2024-45824 is a critical vulnerability in Rockwell Automation FactoryTalk View Site Edition that enables unauthenticated remote code execution through a chain of path traversal, command injection, and cross-site scripting vulnerabilities. The vulnerability affects versions 12.0, 13.0, and 14.0. The attack requires no authentication and can be executed over the network with low complexity, resulting in complete system compromise. This vulnerability is particularly significant for operational technology environments where FactoryTalk View is deployed for human-machine interface functionality in industrial control systems.

Defensive priority

critical

Recommended defensive actions

• Apply vendor patches from Rockwell Automation immediately for FactoryTalk View Site Edition versions 12.0, 13.0, and 14.0
• Implement network segmentation to restrict access to FactoryTalk View systems
• Review and apply Rockwell Automation security best practices for industrial control systems
• Monitor for suspicious activity indicating exploitation attempts
• Validate that applied patches are successfully installed and systems are restarted if required

Evidence notes

CVE published and modified 2024-09-12T06:00:00.000Z per source. CISA advisory ICSA-24-256-23 published same date. Affected products confirmed as FactoryTalk View Site Edition versions 12.0, 13.0, and 14.0 via CSAF product tree.

Official resources