March 16, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple GitLab Community Edition and Enterprise Edition Vulnerabilities
June 14, 2024Multiple Dell Products Vulnerabilities
June 14, 2024Multiple GitLab Community Edition and Enterprise Edition Vulnerabilities
June 14, 2024Multiple Dell Products Vulnerabilities
June 14, 2024
Severity
High
Analysis Summary
CVE-2024-37367 CVSS:8.6
Rockwell Automation FactoryTalk View SE could allow a remote attacker to obtain sensitive information, caused by improper authentication. By sending a specially crafted request, a remote attacker could exploit this vulnerability to view an HMI project.
CVE-2024-37369 CVSS:7.8
Rockwell Automation FactoryTalk View SE could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect permission assignment for critical resource. By sending a specially crafted request, an attacker could exploit this vulnerability to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.
CVE-2024-37368 CVSS:37368
Rockwell Automation FactoryTalk View SE could allow a remote attacker to obtain sensitive information, caused by improper authentication. By sending a specially crafted request, a remote attacker could exploit this vulnerability to view an HMI project.
Impact
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-37367
- CVE-2024-37369
- CVE-2024-37368
Affected Vendors
Rockwell Automation
Affected Products
- Rockwell Automation FactoryTalk View SE 12.0
- Rockwell Automation FactoryTalk View SE 11.0
Remediation
Upgrade to the latest version of Rockwell Automation FactoryTalk View SE, available from the Rockwell Automation Website.