Rockwell Automation FactoryTalk View SE
Plan Patch7.8ICS-CERT ICSA-24-165-17Jun 13, 2024
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
FactoryTalk View SE v12.0 contains an improper permissions vulnerability (CWE-732) that allows low-privilege users to edit scripts by bypassing access control lists (ACLs). This could enable further unauthorized access within the system.
What this means
What could happen
A low-privilege user on the HMI system could modify control scripts without authorization, potentially altering process logic, alarm settings, or operator displays in ways that could affect plant operations or safety.
Who's at risk
Water and utility control system operators using Rockwell Automation FactoryTalk View SE for SCADA HMI. This affects any facility that relies on v12.0 for operator workstations, engineering stations, or centralized control displays.
How it could be exploited
An attacker with a low-privilege account on the FactoryTalk View SE system can edit scripts that should be protected by access control lists. By modifying these scripts, the attacker could change process setpoints, disable alarms, or alter the behavior of operator screens.
Prerequisites
- Local or network access to FactoryTalk View SE with a low-privilege user account
- FactoryTalk View SE v12.0 installed and in use
improper permissions/access controlaffects HMI layerlow complexity attackrequires valid user credentials
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
FactoryTalk View SE: v12.0v12.0V14.0 or later
Remediation & Mitigation
0/5
Do now
0/3HARDENINGUse the Secure Install option when deploying FactoryTalk Services Platform
HARDENINGRestrict network access to FactoryTalk View SE engineering and operator stations to authorized workstations only
HARDENINGEnforce strong access controls and role-based permissions for script editing in FactoryTalk View SE
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpgrade FactoryTalk View SE to version V14.0 or later
Long-term hardening
0/1HARDENINGImplement network segmentation to isolate FactoryTalk View SE systems from business networks
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/1e5f6858-e702-4a9b-b1ec-e524778e752b