PatchSiren cyber security CVE debrief
CVE-2024-7513 Rockwell Automation CVE debrief
A code execution vulnerability exists in Rockwell Automation FactoryTalk View Site Edition (SE) version 13.0 due to improper default file permissions on the HMI projects folder. The default configuration allows any user to edit or replace files in C:\Users\Public\Documents\RSView Enterprise\SE\HMI projects, and those files are then executed by an account with elevated permissions. This local attack vector lets a low-privileged user obtain code execution in a more privileged context (a changed scope in CVSS terms), with high impact on confidentiality, integrity, and availability. The vulnerability was disclosed on August 13, 2024, and the advisory was updated on August 29, 2024 to modify the mitigation guidance. No patch is available; remediation requires manual permission hardening of the affected directory.
- Vendor: Rockwell Automation
- Product: FactoryTalk View SE
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-08-13
- Original CVE updated: 2024-08-29
- Advisory published: 2024-08-13
- Advisory updated: 2024-08-29
Who should care
Organizations operating Rockwell Automation FactoryTalk View SE 13.0 in industrial environments, particularly those with shared workstation access or concerns about insider threats. Critical infrastructure operators, manufacturing facilities, and any deployment where HMI servers are accessible to multiple users should prioritize this configuration hardening. The scope-changed CVSS metric indicates potential for broader system impact beyond the initial compromised component.
Technical summary
CVE-2024-7513 is a code execution vulnerability in Rockwell Automation FactoryTalk View SE 13.0 stemming from insecure default permissions on the HMI projects folder (C:\Users\Public\Documents\RSView Enterprise\SE\HMI projects). The INTERACTIVE group has write access by default, so any locally authenticated user can modify or replace project files that are later executed with elevated privileges. The CVSS 3.1 score of 8.8 reflects a local attack vector, low attack complexity, low privileges required, no user interaction, changed scope, and high impact on confidentiality, integrity, and availability. No software patch exists; mitigation requires manually editing the folder's ACL to remove INTERACTIVE access and grant only the minimum permissions each remaining user or group needs.
Defensive priority
HIGH
Recommended defensive actions
- Restrict access to the HMI projects folder located at C:\Users\Public\Documents\RSView Enterprise\SE\HMI projects by removing the INTERACTIVE group from the folder's security properties
- Add only specific authorized users or user groups to the HMI projects folder with minimum necessary permissions
- Apply read-only permissions to users who only require viewing and running FactoryTalk View SE client without modification capabilities
- Implement Rockwell Automation security best practices for industrial automation control systems
- Review Rockwell Automation security advisory SD 1688 for additional vendor guidance
- Consult FactoryTalk View SE Help documentation (Version 14: Help → FactoryTalk View SE Help → Security → 'HMI projects folder') for configuration guidance
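The three permission steps above (remove INTERACTIVE, add only authorized groups, give viewers read-only access) can be audited and applied from PowerShell. The script below is an added example written for this debrief; it is not code from PatchSiren, CISA, or Rockwell Automation. It assumes the default folder path from the advisory and uses placeholder group names (`CONTOSO\FTView-HMI-Editors`, `CONTOSO\FTView-HMI-Viewers`) that must be replaced with the groups that exist at your site; it also assumes the HMI server's service account (commonly SYSTEM) already holds its own explicit entry, which is left untouched. Without `-Apply` it only reports findings.

```powershell
<#
Added example (not from the CISA advisory, PatchSiren or Rockwell Automation): audit the
FactoryTalk View SE "HMI projects" folder for broad principals holding write-class rights,
the weak default described for CVE-2024-7513, and optionally replace them with explicit
least-privilege entries. Assumptions: default path from the advisory; editor/viewer group
names are placeholders; the HMI server service account keeps its own explicit ACE.
Run from an elevated PowerShell prompt.
#>
[CmdletBinding()]
param(
    [string]$ProjectsPath = 'C:\Users\Public\Documents\RSView Enterprise\SE\HMI projects',
    [string[]]$EditorGroups = @('CONTOSO\FTView-HMI-Editors'),   # placeholder, replace
    [string[]]$ViewerGroups = @('CONTOSO\FTView-HMI-Viewers'),   # placeholder, replace
    [switch]$Apply                                               # audit only unless set
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Compare well-known SIDs rather than names so the check also works on localized Windows.
# INTERACTIVE (S-1-5-4) is the principal named in the advisory; the rest are just as broad.
$BroadSids = @{
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-1-0'      = 'Everyone'
}

# Rights that let a principal alter project files or the ACL itself. Inherit-only ACEs can
# carry generic access rights instead of FileSystemRights bits, so those are checked too.
$WriteMask   = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$GenericMask = 0x40000000 -bor 0x10000000    # GENERIC_WRITE | GENERIC_ALL

function Test-BroadWriteAce {
    param([System.Security.AccessControl.FileSystemAccessRule]$Ace)
    if ($Ace.AccessControlType -ne 'Allow') { return $false }
    $sid = $Ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    if (-not $BroadSids.ContainsKey($sid)) { return $false }
    $rights = [int]$Ace.FileSystemRights
    return (($rights -band $WriteMask) -ne 0) -or (($rights -band $GenericMask) -ne 0)
}

function Get-BroadWriteAces {
    param([string]$Path)
    (Get-Acl -LiteralPath $Path).Access | Where-Object { Test-BroadWriteAce -Ace $_ }
}

function Set-LeastPrivilegeAcl {
    param([string]$Path, [string[]]$Editors, [string[]]$Viewers)

    # 1. Stop inheriting from C:\Users\Public, which is where INTERACTIVE's rights usually
    #    come from; ($true, $true) copies the inherited ACEs as explicit ones first.
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -LiteralPath $Path -AclObject $acl

    # 2. Re-read (every ACE is explicit now) and drop all ACEs of the broad principals,
    #    which is the advisory's "remove INTERACTIVE from the security properties" step.
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in @($acl.Access | Where-Object { Test-BroadWriteAce -Ace $_ })) {
        $acl.RemoveAccessRuleAll($ace)
    }

    # 3. Add explicit entries: editors get Modify, viewers get ReadAndExecute, matching the
    #    advisory's "read-only for users who only view and run the client".
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    foreach ($g in $Editors) {
        $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new($g, 'Modify', $inherit, $prop, 'Allow'))
    }
    foreach ($g in $Viewers) {
        $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new($g, 'ReadAndExecute', $inherit, $prop, 'Allow'))
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

if (-not (Test-Path -LiteralPath $ProjectsPath -PathType Container)) {
    throw "HMI projects folder not found: $ProjectsPath"
}

$findings = @(Get-BroadWriteAces -Path $ProjectsPath)
if ($findings.Count -eq 0) {
    Write-Host "OK: no broad principal holds write-class rights on '$ProjectsPath'"
} else {
    Write-Warning "CVE-2024-7513 exposure: $($findings.Count) write-class ACE(s) for broad principals on '$ProjectsPath'"
    $findings | Select-Object IdentityReference, FileSystemRights, IsInherited | Format-Table -AutoSize

    if ($Apply) {
        Set-LeastPrivilegeAcl -Path $ProjectsPath -Editors $EditorGroups -Viewers $ViewerGroups
        $remaining = @(Get-BroadWriteAces -Path $ProjectsPath)
        if ($remaining.Count -eq 0) { Write-Host 'Hardened: broad write access removed.' }
        else { Write-Warning "Broad write ACEs remain; inspect with: icacls `"$ProjectsPath`"" }
    } else {
        Write-Host 'Audit only. Re-run with -Apply (and real group names) to remediate.'
    }
}
```

Inheritance is broken on purpose: removing INTERACTIVE's entry without doing so is ineffective when the right is inherited from C:\Users\Public, because it is not an explicit entry on the folder. Re-running the script without `-Apply` after remediation gives a repeatable check that the hardened state has not drifted, which is worth scheduling since no vendor patch changes the default.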
Evidence notes
CISA ICS Advisory ICSA-24-226-06 (Update A) documents this vulnerability with CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. The advisory was initially published August 13, 2024 and updated August 29, 2024 to change mitigation information. Affected product confirmed as FactoryTalk View SE version 13.0.
Official resources
- CVE-2024-7513 CVE record (CVE.org)
- CVE-2024-7513 NVD detail (NVD)
- Source item URL: cisa_csaf