History: Jun 14, 2024 - 2:17 p.m.

CVE-2024-37367 Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction

2024-06-14 14:17:54
CWE-287
Rockwell
www.cve.org

CVSS4: 8.2 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N

EPSS: 0.0004 Low
Percentile: 9.0%

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FactoryTalk® View SE",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v12"
      }
    ]
  }
]
