CVE-2024-37368
14.06.2024, 15:15
A user authentication vulnerability exists in the Rockwell AutomationFactoryTalk View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customers server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification.Enginsight
| Vendor | Product | Version |
|---|---|---|
| rockwellautomation | factorytalk_view | 11.0 ≤ 𝑥 < 14.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
- CWE-306 - Missing Authentication for Critical FunctionThe product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.