CVE-2024-37368

EUVD-2024-36616
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
rockwellautomationfactorytalk_view
11.0 ≤
𝑥
< 14.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
rockwellautomationfactorytalk_view
v11.0 ≤
𝑥
< v14.0
ADP
Common Weakness Enumeration
References
https://https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1676.html
https://https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1676.html