CVE-2024-37365
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rockwell Automation | FactoryTalk View Machine Edition | >=V14 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
Workarounds
· To enhance security and prevent unauthorized modifications to HMI project files, harden the Windows OS by removing the INTERACTIVE group from the folder’s security properties.
· Add specific users or user groups and assign their permissions to this folder using the least privileges principle. Users with read-only permission can still test run and run the FactoryTalk View ME Station.
· Guidance can be found in FactoryTalk View ME v14 Help topic: “HMI projects folder settings”. It can be opened through FactoryTalk View ME Studio menu “help\Contents\FactoryTalk View ME Help\Create a Machine Edition application->Open applications->HMI project folder settings”. Security Best Practices
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.