OTPulse

Rockwell Automation FactoryTalk View SE

Plan Patch · CVSS 8.6 · ICS-CERT ICSA-24-165-16 · Jun 13, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

FactoryTalk View SE v12.0 does not require authentication to view HMI projects. An attacker with network access can retrieve the full project file, exposing process logic, setpoints, alarms, and operational configuration. This allows reconnaissance for follow-on attacks targeting PLCs or process control. The weakness is classified as CWE-287 (improper authentication).

What this means
What could happen
An attacker with network access to the HMI can view the entire FactoryTalk View SE project, including process logic, setpoints, and operational configuration, without authentication. This exposure could allow planning of more targeted attacks or process manipulation.
Who's at risk
Manufacturing facilities using FactoryTalk View SE v12.0 for supervisory control and data acquisition (SCADA), process monitoring, or operator dashboards. This includes plants in automotive, food processing, chemical manufacturing, and discrete assembly operations where HMI visibility of production logic is sensitive.
How it could be exploited
An attacker on the network (or from the internet if the HMI is exposed) connects directly to the FactoryTalk View SE application on port 2323 or via HTTP/HTTPS and requests the project file. The application returns the full project contents without requiring credentials.
Prerequisites
  • Network reachability to FactoryTalk View SE application (default port 2323 or web interface)
  • No credentials required
  • FactoryTalk View SE v12.0 must be deployed
remotely exploitable · no authentication required · low complexity · affects HMI/visualization systems · project files contain process logic and setpoints
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: FactoryTalk View SE: v12.0
Affected Versions: v12.0
Fix Status: 14.0 or later
Remediation & Mitigation
Do now
  • HARDENING: Segment HMI network behind firewall; restrict network access to FactoryTalk View SE ports (2323 and web interface) from trusted engineering workstations only
  • HARDENING: Isolate FactoryTalk View SE systems from business network and internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade FactoryTalk View SE to version 14.0 or later
Long-term hardening
  • HARDENING: Implement IPSec or VPN for remote engineering access to HMI systems
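
One way to verify that the "Do now" segmentation item is actually enforced is to audit firewall flow logs for HMI-port traffic from sources outside the engineering workstation allowlist. The script below is an added example, not part of the advisory or of any Rockwell tooling. The HMI address, trusted subnet, log layout, and the use of 80/443 for the web interface are assumptions; port 2323 is the one named in the advisory.

```python
import ipaddress
import re

# All addresses and the log layout below are constructed for illustration.
HMI_SERVERS = {ipaddress.ip_address("10.20.0.10")}
TRUSTED_SOURCES = [ipaddress.ip_network("10.20.5.0/28")]  # engineering workstations
# 2323 is the port named in the advisory; 80/443 are assumed for the web interface.
HMI_PORTS = {2323, 80, 443}

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) tcp "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

SAMPLE_FLOWS = """\
2024-06-14T08:01:12Z ALLOW tcp 10.20.5.4:51544 -> 10.20.0.10:2323
2024-06-14T08:03:40Z ALLOW tcp 10.50.1.77:40212 -> 10.20.0.10:2323
2024-06-14T08:04:02Z DENY tcp 203.0.113.9:33810 -> 10.20.0.10:443
2024-06-14T08:05:19Z ALLOW tcp 10.50.1.77:40300 -> 10.20.0.10:3389
2024-06-14T08:06:00Z ALLOW tcp 10.20.5.9:50100 -> 10.20.0.10:80
this line is truncated
"""

def audit_flows(text):
    """Return (findings, skipped): HMI-port flows from untrusted sources."""
    findings, skipped = [], 0
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:  # e.g. an octet above 255
            skipped += 1
            continue
        if dst not in HMI_SERVERS or int(m["dport"]) not in HMI_PORTS:
            continue
        if any(src in net for net in TRUSTED_SOURCES):
            continue
        # ALLOW means the segmentation rule is missing; DENY is a blocked attempt.
        status = "POLICY_GAP" if m["action"] == "ALLOW" else "BLOCKED"
        findings.append((status, m["ts"], str(src), int(m["dport"])))
    return findings, skipped

if __name__ == "__main__":
    print(*audit_flows(SAMPLE_FLOWS)[0], sep="\n")
```

A POLICY_GAP finding means the firewall passed HMI traffic from a host that is not a trusted engineering workstation; a non-zero skipped count means some log lines were not evaluated and should be checked by hand.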