CVE-2024-37365

Summary

A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationFactoryTalk View Machine Edition>=V14affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

·         To enhance security and prevent unauthorized modifications to HMI project files, harden the Windows OS by removing the INTERACTIVE group from the folder’s security properties.

·         Add specific users or user groups and assign their permissions to this folder using the least privileges principle. Users with read-only permission can still test run and run the FactoryTalk View ME Station.

·         Guidance can be found in FactoryTalk View ME v14 Help topic: “HMI projects folder settings”. It can be opened through FactoryTalk View ME Studio menu “help\Contents\FactoryTalk View ME Help\Create a Machine Edition application->Open applications->HMI project folder settings”.  Security Best Practices

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References