OTPulse
FeedAboutContact

Rockwell Automation FactoryTalk Batch View

Plan Patch8.1ICS-CERT ICSA-24-256-22Sep 12, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary

FactoryTalk Batch View versions 2.01.00 and earlier contain an authentication bypass vulnerability (CWE-287). An attacker could exploit this flaw to bypass authentication and gain unauthorized access to batch operations, potentially allowing modification of process parameters, access to batch data, or disruption of manufacturing workflows. Rockwell Automation has released version 3.00.00 with authentication protections to address this issue.

What this means
What could happen
An attacker could bypass authentication to FactoryTalk Batch View and gain unauthorized access to batch operations control, potentially allowing them to modify process recipes, view sensitive batch data, or disrupt manufacturing operations.
Who's at risk
Organizations running FactoryTalk Batch View for batch process control and manufacturing operations management. This affects food, beverage, chemical, pharmaceutical, and other discrete or batch manufacturing facilities that rely on Rockwell Automation's batch management software.
How it could be exploited
An attacker with network access to FactoryTalk Batch View (port exposure or internal network access) can send specially crafted requests that bypass the authentication mechanism. Once authenticated without valid credentials, the attacker gains full access to batch control functions and data.
Prerequisites
  • Network access to FactoryTalk Batch View application (typically requires internal network or compromised DMZ host)
  • No valid credentials required
  • High attack complexity - specific conditions must be met for successful exploitation
remotely exploitableno authentication requiredauthentication bypasshigh CVSS score (8.1)affects batch process control
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
FactoryTalk Batch View: <=2.01.00≤ 2.01.003.00.00
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict network access to FactoryTalk Batch View by placing it behind a firewall and isolating it from business networks
HARDENINGEnsure FactoryTalk Batch View is not directly accessible from the internet
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate FactoryTalk Batch View to version 3.00.00 or later
Long-term hardening
0/1
HARDENINGIf remote access to FactoryTalk Batch View is required, implement a VPN with current patches and strong access controls
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/f6228f30-2c62-4035-9e32-9503925935c4