Rockwell Automation FactoryTalk View ME

Monitor5.3ICS-CERT ICSA-24-086-04Mar 26, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

FactoryTalk View ME versions before v14 contain a vulnerability that could lead to loss of view or control of the connected PanelView product. This affects operators' ability to monitor and command the device.

What this means

What could happen

An attacker could cause a loss of visibility or control over a PanelView human-machine interface (HMI), preventing operators from monitoring process status or issuing commands to the controlled equipment.

Who's at risk

Water utilities and municipal electric operators using Rockwell Automation FactoryTalk View ME HMI software on PanelView industrial displays for process monitoring and control. Any facility relying on these HMIs for operator visibility into critical systems is affected if running versions before v14.

How it could be exploited

An attacker on the network could exploit this vulnerability remotely to disrupt access to the PanelView HMI view or control functions. The specific exploit vector is not detailed in the advisory, but given the availability score impact, it likely involves a denial-of-service or connection disruption attack.

Prerequisites

Network access to the FactoryTalk View ME system
FactoryTalk View ME version before v14 installed

remotely exploitableno authentication requiredlow complexityaffects monitoring and control visibility

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

FactoryTalk View ME: <v14<v14v14 or later

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGEnsure FactoryTalk View ME systems are not directly accessible from the internet or external networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate FactoryTalk View ME to version v14 or later

Long-term hardening

0/2

HARDENINGRestrict network access to FactoryTalk View ME systems by placing them behind firewalls and segregating control system networks from business networks

WORKAROUNDIf remote access is required, implement secure VPN access with current patches applied

CVEs (1)

CVE-2024-21914

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/729c9bbe-8c40-4da4-b9a1-15973c3be3e9