OTPulse
FeedAboutContact

Rockwell Automation FactoryTalk View SE

Plan Patch7.5ICS-CERT ICSA-24-165-18Jun 13, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

FactoryTalk View SE v11.0 contains an authentication weakness (CWE-287) that allows a user with FTView access to view HMI projects from a remote system without proper authorization. The vulnerability enables unauthorized disclosure of HMI project information, which may contain sensitive operational logic and configuration details.

What this means
What could happen
An attacker with access to the engineering network could remotely view your HMI project files without proper credentials, exposing operational logic, process workflows, and system configuration details that could be used to plan further attacks or disrupt operations.
Who's at risk
Manufacturing facilities using FactoryTalk View SE v11.0 as their HMI platform should be concerned, particularly those where HMI projects contain proprietary process logic or sensitive configuration. This affects engineering workstations and any system that hosts or accesses FTView projects on v11.0.
How it could be exploited
An attacker on the same network or with network access to the FactoryTalk View SE system could send a crafted request to view HMI project files. Because the system does not properly enforce access controls during project retrieval, the attacker gains unauthorized read access to sensitive project data without valid engineering credentials.
Prerequisites
  • Network access to the FactoryTalk View SE system
  • FTView software installed or network connectivity to port used by FTView communication
remotely exploitablelow complexityno authentication required for exploitationaffects HMI systems which control plant operations
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
FactoryTalk View SE: v11.0v11.014.0 or later
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGImplement network access controls to restrict which systems and users can reach FactoryTalk View SE
WORKAROUNDUse VPN with multi-factor authentication for any required remote access to the HMI engineering environment
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade FactoryTalk View SE to version 14.0 or later
Long-term hardening
0/1
HARDENINGSegment the HMI network from business networks and the internet using firewalls and IPSec
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/11a51683-a1b3-45c0-8cb4-a3420bae75e0
Rockwell Automation FactoryTalk View SE | CVSS 7.5 - OTPulse