CVE-2024-37368
EUVD-2024-3661614.06.2024, 15:15
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| rockwellautomation | factorytalk_view | 11.0 ≤ 𝑥 < 14.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
- CWE-306 - Missing Authentication for Critical FunctionThe product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.