CVE-2024-37367 HIGH

CVE-2024-37367: Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction

Vendor Rockwell Automation
Product FactoryTalk® View SE
Weakness CWE-287 · Improper authentication
Published June 14, 2024
Last update August 2, 2024

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A user authentication vulnerability exists in Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user on a remote system with FTView to send a packet to the customer’s server to view an HMI project. The server allows this action without proper authentication verification.

Key dates

02 Disclosure timeline

June 14, 2024 CVE published
August 2, 2024 Record updated