All the vulnerabilites related to Rockwell Automation - FactoryTalk View Machine Edition
cve-2024-37365
Vulnerability from cvelistv5
Published
2024-11-12 14:52
Modified
2024-11-12 19:04
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.0 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A remote code execution vulnerability exists in the affected
product. The vulnerability allows users to save projects within the public
directory allowing anyone with local access to modify and/or delete files. Additionally,
a malicious user could potentially leverage this vulnerability to escalate
their privileges by changing the macro to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Rockwell Automation | FactoryTalk View Machine Edition |
Version: >=V14 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:rockwellautomation:factorytalk_view_machine_edition:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "factorytalk_view_machine_edition", "vendor": "rockwellautomation", "versions": [ { "lessThanOrEqual": "v14", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-37365", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-12T19:02:19.102188Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-12T19:04:00.897Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FactoryTalk View Machine Edition", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "\u003e=V14" } ] } ], "datePublic": "2024-11-12T14:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA remote code execution vulnerability exists in the affected\nproduct. The vulnerability allows users to save projects within the public\ndirectory allowing anyone with local access to modify and/or delete files. Additionally,\na malicious user could potentially leverage this vulnerability to escalate\ntheir privileges by changing the macro to execute arbitrary code. \u003c/p\u003e" } ], "value": "A remote code execution vulnerability exists in the affected\nproduct. The vulnerability allows users to save projects within the public\ndirectory allowing anyone with local access to modify and/or delete files. Additionally,\na malicious user could potentially leverage this vulnerability to escalate\ntheir privileges by changing the macro to execute arbitrary code." } ], "impacts": [ { "capecId": "CAPEC-242", "descriptions": [ { "lang": "en", "value": "CAPEC-242 Code Injection" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-12T14:52:55.556Z", "orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell" }, "references": [ { "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1709.html" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Upgrade to Version 15" } ], "value": "Upgrade to Version 15" } ], "source": { "discovery": "INTERNAL" }, "title": "FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cbr\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nTo enhance security and\nprevent unauthorized modifications to HMI project files, harden the Windows OS\nby removing the \u003cb\u003eINTERACTIVE\u003c/b\u003e group from the folder\u2019s\nsecurity properties.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nAdd specific users or user\ngroups and assign their permissions to this folder using the least privileges\nprinciple. Users with read-only permission can still test run and run the\nFactoryTalk View ME Station.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nGuidance can be found in\nFactoryTalk View ME v14 Help topic: \u201cHMI projects folder settings\u201d. It can be opened through\nFactoryTalk View ME Studio menu \u201chelp\\Contents\\FactoryTalk View ME Help\\Create\na Machine Edition application-\u0026gt;Open applications-\u0026gt;HMI project folder settings\u201d. \u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity\nBest Practices\u003c/a\u003e\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e" } ], "value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nTo enhance security and\nprevent unauthorized modifications to HMI project files, harden the Windows OS\nby removing the INTERACTIVE group from the folder\u2019s\nsecurity properties.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nAdd specific users or user\ngroups and assign their permissions to this folder using the least privileges\nprinciple. Users with read-only permission can still test run and run the\nFactoryTalk View ME Station.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nGuidance can be found in\nFactoryTalk View ME v14 Help topic: \u201cHMI projects folder settings\u201d. It can be opened through\nFactoryTalk View ME Studio menu \u201chelp\\Contents\\FactoryTalk View ME Help\\Create\na Machine Edition application-\u003eOpen applications-\u003eHMI project folder settings\u201d. \u00a0Security\nBest Practices" } ], "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "assignerShortName": "Rockwell", "cveId": "CVE-2024-37365", "datePublished": "2024-11-12T14:52:55.556Z", "dateReserved": "2024-06-06T20:18:27.551Z", "dateUpdated": "2024-11-12T19:04:00.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }