OTPulse
FeedAboutContact

Rockwell Automation FactoryTalk View Machine Edition

Act Now9.8ICS-CERT ICSA-23-264-06Sep 21, 2023
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

FactoryTalk View Machine Edition v13.0 and v12.0 contain an input validation weakness (CWE-20) that allows remote code execution through specially crafted malicious packets or a self-made library that bypasses security checks. No user interaction or authentication is required. An attacker can execute arbitrary code on the HMI server, potentially compromising operator control and visibility of manufacturing processes.

What this means
What could happen
An attacker could remotely execute code on FactoryTalk View Machine Edition servers by sending specially crafted packets, potentially allowing them to alter HMI displays, manipulate process data, or disrupt operator visibility and control of manufacturing operations.
Who's at risk
Manufacturing plants and food/beverage processors that rely on FactoryTalk View Machine Edition HMI (human-machine interface) software running on v12.0 or v13.0. Any organization using these versions for operator displays, data visualization, or process control monitoring is at risk.
How it could be exploited
An attacker sends malicious packets over the network to a FactoryTalk View Machine Edition server that is accessible (either from the internet or from a compromised internal network). The packets bypass input validation checks and trigger code execution. No authentication or user interaction is required.
Prerequisites
  • Network access to FactoryTalk View Machine Edition server (port and protocol unspecified in advisory)
  • No authentication required
  • No user interaction required
remotely exploitableno authentication requiredlow complexitycritical CVSS 9.8affects operator visibility and control
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (2)
2 pending
ProductAffected VersionsFix Status
FactoryTalk View Machine Edition: v13.0v13.0No fix yet
FactoryTalk View Machine Edition: <= 12.0≤ 12.0No fix yet
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDRestrict network access to FactoryTalk View Machine Edition servers; do not expose to the internet
WORKAROUNDPlace FactoryTalk View Machine Edition systems behind firewalls and isolate from business networks
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXApply Rockwell Automation security patches for FactoryTalk View Machine Edition v12.0 and v13.0 (specific patched version numbers not provided in advisory)
Long-term hardening
0/1
HARDENINGIf remote access is required, use VPN with the most current version available
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/0935a263-cceb-4353-bbdb-154130192147
Rockwell Automation FactoryTalk View Machine Edition | CVSS 9.8 - OTPulse