Rewterz


ICS: Multiple Rockwell Automation FactoryTalk View SE Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-37367 CVSS: 8.6

Rockwell Automation FactoryTalk View SE could allow a remote attacker to obtain sensitive information, caused by improper authentication. By sending a specially crafted request, a remote attacker could exploit this vulnerability to view an HMI project.

CVE-2024-37369 CVSS: 7.8

Rockwell Automation FactoryTalk View SE could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect permission assignment for a critical resource. By sending a specially crafted request, an attacker could exploit this vulnerability to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.

CVE-2024-37368 CVSS: (score not given in this advisory)

Rockwell Automation FactoryTalk View SE could allow a remote attacker to obtain sensitive information, caused by improper authentication. By sending a specially crafted request, a remote attacker could exploit this vulnerability to view an HMI project.

Impact

  • Privilege Escalation
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-37367
  • CVE-2024-37369
  • CVE-2024-37368

Affected Vendors

Rockwell Automation

Affected Products

  • Rockwell Automation FactoryTalk View SE 12.0
  • Rockwell Automation FactoryTalk View SE 11.0

Remediation

Upgrade to the latest version of Rockwell Automation FactoryTalk View SE, available from the Rockwell Automation Website.
