Rockwell Automation FactoryTalk Batch View

Plan PatchCVSS 8.1ICS-CERT ICSA-24-256-22Sep 12, 2024

Rockwell Automation

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

FactoryTalk Batch View versions 2.01.00 and earlier contain an authentication bypass vulnerability (CWE-287) that allows an attacker to gain unauthorized access without valid credentials. Successful exploitation could result in an attacker bypassing authentication on the application. The vulnerability has high attack complexity. Rockwell Automation recommends updating to version 3.00.00.

What this means

What could happen

An attacker could bypass authentication on FactoryTalk Batch View to gain unauthorized access to batch operations and process configurations without valid credentials.

Who's at risk

Batch manufacturing operations at chemical, pharmaceutical, food processing, and other facilities using Rockwell Automation FactoryTalk Batch View to manage recipe execution, ingredient tracking, and process control.

How it could be exploited

An attacker on the network sends specially crafted requests to FactoryTalk Batch View to exploit the authentication bypass, gaining access to the application and its underlying batch control functions without providing valid credentials.

Prerequisites

Network access to FactoryTalk Batch View application
FactoryTalk Batch View running version 2.01.00 or earlier

remotely exploitableauthentication bypassaffects batch control operationshigh CVSS score

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

FactoryTalk Batch View: <=2.01.00≤ 2.01.003.00.00

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to FactoryTalk Batch View to authorized engineering and operations staff only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate FactoryTalk Batch View to version 3.00.00 or later

Long-term hardening

0/1

HARDENINGPlace FactoryTalk Batch View behind a firewall and isolate from business networks to minimize internet exposure

CVEs (1)

CVE-2024-45823

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f6228f30-2c62-4035-9e32-9503925935c4

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.