OTPulse
FeedAboutContact

Rockwell Automation FactoryTalk View Site Edition

Monitor7.5ICS-CERT ICSA-23-299-05Oct 26, 2023
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A flaw in FactoryTalk View Site Edition (v11.0, v12.0, v13.0) in input validation (CWE-20) allows an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation causes the application to become unavailable and requires a manual restart. Rockwell Automation has released patches for v12.0 and v13.0; v11.0 is end-of-support with no fix planned.

What this means
What could happen
An attacker could crash FactoryTalk View Site Edition, rendering the HMI/SCADA visualization layer unavailable and requiring a manual restart. This disrupts operator visibility and control of critical processes.
Who's at risk
Organizations running FactoryTalk View Site Edition for plant HMI/SCADA monitoring, including water utilities, electric utilities, and manufacturing facilities that depend on operator visibility and remote monitoring. Version 11.0 has no vendor patch available.
How it could be exploited
An attacker with network access to the FactoryTalk View Site Edition server sends a malformed input that triggers the input validation flaw (CWE-20), causing the application process to crash. The attacker does not need credentials or user interaction.
Prerequisites
  • Network access to the FactoryTalk View Site Edition server (typically port 80/443 or proprietary protocol)
  • No authentication required
Remotely exploitableNo authentication requiredLow complexity attackNo patch available for v11.0High impact on operator visibility
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
FactoryTalk View Site Edition: V11.0V11.0No fix yet
Remediation & Mitigation
0/4
Do now
0/1
WORKAROUNDFor v11.0 (no patch available), restrict network access to FactoryTalk View Site Edition using firewall rules; allow only trusted engineering workstations and process servers
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXApply Rockwell Automation patch to FactoryTalk View Site Edition v12.0 or v13.0
Long-term hardening
0/2
HARDENINGIsolate FactoryTalk View Site Edition and control system networks from the business network using air gaps or dedicated firewalls
HARDENINGIf remote access to FactoryTalk View Site Edition is required, route it through a VPN with strong authentication and keep VPN software patched
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/1f52e071-5312-4ef7-baee-728538973208
Rockwell Automation FactoryTalk View Site Edition | CVSS 7.5 - OTPulse