Rockwell Automation FactoryTalk View SE

Plan Patch7.6ICS-CERT ICSA-24-137-14May 16, 2024

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

FactoryTalk View SE versions before 14.0 contain an improper input validation vulnerability (CWE-20) that allows an attacker with valid credentials to inject malicious SQL statements into the SQL database. Successful exploitation could expose sensitive information stored in the database.

What this means

What could happen

An authenticated attacker could inject SQL commands to read or exfiltrate sensitive data from the FactoryTalk View SE database, potentially exposing historian records, process parameters, or user credentials. This does not directly affect plant operations but could compromise confidentiality of operational data.

Who's at risk

Organizations using Rockwell Automation FactoryTalk View SE as a supervisory monitoring or historian system should assess this vulnerability. FactoryTalk View SE is commonly used in manufacturing facilities, water treatment plants, and power generation to log and display process data. Any organization with versions prior to 14.0 is at risk of data exposure through SQL injection.

How it could be exploited

An attacker with valid FactoryTalk View SE user credentials connects to the application and submits malicious SQL statements through an input field that does not properly validate or sanitize user input. The SQL injection attack executes against the backend database, allowing the attacker to read or extract data beyond their normal permissions.

Prerequisites

Valid FactoryTalk View SE user credentials (login account)
Network access to the FactoryTalk View SE application or its database interface
FactoryTalk View SE version earlier than 14.0

Requires valid user credentials (authentication required)High CVSS score (7.6)Affects data confidentiality and database integrityNo patch available for older unsupported versions

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

FactoryTalk View SE: <14.0<14.014.0

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade FactoryTalk View SE to version 14.0 or later

Long-term hardening

0/3

HARDENINGRestrict network access to FactoryTalk View SE to authorized personnel only; place the application behind a firewall and isolate it from business networks and the internet

HARDENINGEnforce strong access controls and credential management for FactoryTalk View SE user accounts; audit and revoke unnecessary user permissions

HARDENINGIf remote access to FactoryTalk View SE is required, use a VPN with current security patches

CVEs (1)

CVE-2024-4609

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5dcb093f-2e01-428f-a152-0d62821b628e