cnvd - cnvd-2024-26044

CNVD-2024-26044

Vulnerability from cnvd - Published: 2024-06-06

Title

Rockwell Automation FactoryTalk View SE SQL注入漏洞

Description

Rockwell Automation FactoryTalk View SE是美国罗克韦尔（Rockwell Automation）公司的一款工业自动化系统视图界面。 Rockwell Automation FactoryTalk View SE存在SQL注入漏洞，攻击者可利用该漏洞通过发送特制的SQL语句来查看、添加、修改或删除后端数据库中的信息。

Severity

高

Patch Name

Rockwell Automation FactoryTalk View SE SQL注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.rockwellautomation.com/en-us/support/advisory.SD1670.html

Reference

https://cxsecurity.com/cveshow/CVE-2024-4609/

Impacted products

Name
Rockwell Automation FactoryTalk View SE <14.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-4609"
    }
  },
  "description": "Rockwell Automation FactoryTalk View SE\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u81ea\u52a8\u5316\u7cfb\u7edf\u89c6\u56fe\u754c\u9762\u3002\n\nRockwell Automation FactoryTalk View SE\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684SQL\u8bed\u53e5\u6765\u67e5\u770b\u3001\u6dfb\u52a0\u3001\u4fee\u6539\u6216\u5220\u9664\u540e\u7aef\u6570\u636e\u5e93\u4e2d\u7684\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.rockwellautomation.com/en-us/support/advisory.SD1670.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-26044",
  "openTime": "2024-06-06",
  "patchDescription": "Rockwell Automation FactoryTalk View SE\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u81ea\u52a8\u5316\u7cfb\u7edf\u89c6\u56fe\u754c\u9762\u3002\r\n\r\nRockwell Automation FactoryTalk View SE\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684SQL\u8bed\u53e5\u6765\u67e5\u770b\u3001\u6dfb\u52a0\u3001\u4fee\u6539\u6216\u5220\u9664\u540e\u7aef\u6570\u636e\u5e93\u4e2d\u7684\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rockwell Automation FactoryTalk View SE SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Rockwell Automation FactoryTalk View SE \u003c14.0"
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2024-4609/",
  "serverity": "\u9ad8",
  "submitTime": "2024-05-20",
  "title": "Rockwell Automation FactoryTalk View SE SQL\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2024-4609 (GCVE-0-2024-4609)

Vulnerability from cvelistv5 – Published: 2024-05-16 15:13 – Updated: 2024-08-01 20:47

Summary

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.

Severity ?

8.8 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

CWE

CWE-20 - Improper Input Validation

Assigner

Rockwell

References

URL

Tags

https://www.rockwellautomation.com/en-us/support/…

Impacted products

	Vendor	Product	Version
	Rockwell Automation	FactoryTalk® View SE	Affected: <14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "factorytalk_view",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4609",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-24T18:10:40.296727Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:53:40.228Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:47:41.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1670.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FactoryTalk\u00ae View SE",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c14"
            }
          ]
        }
      ],
      "datePublic": "2024-05-16T14:58:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eA vulnerability exists in the Rockwell Automation FactoryTalk\u00ae View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime. \u0026nbsp; \u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n"
            }
          ],
          "value": "A vulnerability exists in the Rockwell Automation FactoryTalk\u00ae View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T15:13:45.048Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1670.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cul\u003e\u003cli\u003eCorrected in v11,12, 13 and later.\u003c/li\u003e\u003cli\u003e\n\n\u003cp\u003eUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices, where possible.\u202f\u202f\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u202f\u202f\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "*  Corrected in v11,12, 13 and later.\n  *  \n\nUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices, where possible.\u202f\u202f\n\n\u00a0\n\n  *   Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Rockwell Automation Datalog Function within in FactoryTalk\u00ae View SE contains SQL Injection Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-4609",
    "datePublished": "2024-05-16T15:13:45.048Z",
    "dateReserved": "2024-05-07T14:56:25.894Z",
    "dateUpdated": "2024-08-01T20:47:41.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-26044

CVE-2024-4609 (GCVE-0-2024-4609)

Tags

Sightings

Nomenclature