Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for FactoryTalk® View SE by Rockwell Automation

    CVE-2024-37369 (GCVE-0-2024-37369)

    Vulnerability from nvd – Published: 2024-06-14 16:50 – Updated: 2024-08-02 03:50
    VLAI
    Title
    Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions
    Summary
    A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation FactoryTalk® View SE Affected: 12.0
    Create a notification for this product.
    rockwellautomation factorytalk_view Affected: 12.0 , < 14.0 (custom)
        cpe:2.3:a:rockwellautomation:factorytalk_view:-:*:*:*:se:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-13 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:rockwellautomation:factorytalk_view:-:*:*:*:se:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "factorytalk_view",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThan": "14.0",
                    "status": "affected",
                    "version": "12.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-14T18:11:26.338616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-14T18:13:03.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:56.129Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1674.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk\u00ae View SE",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0"
                }
              ]
            }
          ],
          "datePublic": "2024-06-13T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.\u003c/span\u003e\n\n"
                }
              ],
              "value": "A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-14T16:50:20.187Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1674.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003e\u003cb\u003eAFFECTED PRODUCTS AND SOLUTION\u003c/b\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eCorrected in software version \u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eFactoryTalk\u00ae View SE\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eV12.0\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003ev14\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003cp\u003e\u003cb\u003eMitigations and Workarounds \u003c/b\u003e\u003c/p\u003e\u003cp\u003eUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eUse the Secure Install option when installing FactoryTalk\u00ae Services Platform.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "AFFECTED PRODUCTS AND SOLUTION\n\n\u00a0\n\n\u00a0\n\nAffected Product\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nFirst Known in software version\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in software version \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nFactoryTalk\u00ae View SE\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nV12.0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv14\n\n\u00a0\n\n\n\n\nMitigations and Workarounds \n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\n\n  *  Use the Secure Install option when installing FactoryTalk\u00ae Services Platform.\n\n\n\n\n  *   Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation FactoryTalk\u00ae View SE Local Privilege Escalation Vulnerability via Local File Permissions",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-37369",
        "datePublished": "2024-06-14T16:50:20.187Z",
        "dateReserved": "2024-06-06T20:18:27.551Z",
        "dateUpdated": "2024-08-02T03:50:56.129Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37368 (GCVE-0-2024-37368)

    Vulnerability from nvd – Published: 2024-06-14 14:30 – Updated: 2024-08-02 03:50
    VLAI
    Title
    Rockwell Automation FactoryTalk® View SE v11 Information Leakage Vulnerability via Authentication Restriction
    Summary
    A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation FactoryTalk® View SE Affected: v11.0
    Create a notification for this product.
    rockwellautomation factorytalk_view Affected: v11.0 , < v14.0 (custom)
        cpe:2.3:a:rockwellautomation:factorytalk_view:-:*:*:*:se:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-13 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:rockwellautomation:factorytalk_view:-:*:*:*:se:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "factorytalk_view",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThan": "v14.0",
                    "status": "affected",
                    "version": "v11.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37368",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-18T16:26:32.782829Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T16:33:16.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:56.219Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1676.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk\u00ae View SE",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v11.0"
                }
              ]
            }
          ],
          "datePublic": "2024-06-13T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user authentication vulnerability exists in the Rockwell Automation\u0026nbsp;FactoryTalk\u00ae View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer\u2019s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification.\u003c/span\u003e\n\n"
                }
              ],
              "value": "A user authentication vulnerability exists in the Rockwell Automation\u00a0FactoryTalk\u00ae View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer\u2019s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-14T14:30:53.422Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1676.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003eCorrected in software version v14.0.\u003c/li\u003e\u003cli\u003e\n\n\u003cp\u003eUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eIt is recommended that users enforce proper access controls within the network and segment networks containing sensitive information using IPSec: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1090456\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1090456\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practice\u003c/a\u003es\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "*  Corrected in software version v14.0.\n  *  \n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\n\n  *  It is recommended that users enforce proper access controls within the network and segment networks containing sensitive information using IPSec:  https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1090456 \n\n\n\n\n  *   Security Best Practice https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight s"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation FactoryTalk\u00ae View SE v11 Information Leakage Vulnerability via Authentication Restriction",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-37368",
        "datePublished": "2024-06-14T14:30:53.422Z",
        "dateReserved": "2024-06-06T20:18:27.551Z",
        "dateUpdated": "2024-08-02T03:50:56.219Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37367 (GCVE-0-2024-37367)

    Vulnerability from nvd – Published: 2024-06-14 14:17 – Updated: 2024-08-02 03:50
    VLAI
    Title
    Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction
    Summary
    A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Date Public
    2024-06-13 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-17T15:37:14.017276Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-17T15:37:26.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:56.151Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1675.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk\u00ae View SE",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v12"
                }
              ]
            }
          ],
          "datePublic": "2024-06-13T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user authentication vulnerability exists in the Rockwell Automation FactoryTalk\u00ae View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer\u2019s server to view an HMI project.  This action is allowed without proper authentication verification.\u003c/span\u003e\n\n"
                }
              ],
              "value": "A user authentication vulnerability exists in the Rockwell Automation FactoryTalk\u00ae View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer\u2019s server to view an HMI project.  This action is allowed without proper authentication verification."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-14T14:17:54.951Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1675.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cul\u003e\u003cli\u003eCorrected in software version v14.0. \u003c/li\u003e\u003cli\u003e\u003cp\u003eUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eIt is recommended that users enforce proper access controls within the network and segment networks containing sensitive information using IPSec: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1090456\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1090456\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "*  Corrected in software version v14.0. \n  *  Users using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\n\n  *  It is recommended that users enforce proper access controls within the network and segment networks containing sensitive information using IPSec:  https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1090456 \n\n\n\n\n  *   Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation FactoryTalk\u00ae View SE v12 Information Leakage Vulnerability via Authentication Restriction",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-37367",
        "datePublished": "2024-06-14T14:17:54.951Z",
        "dateReserved": "2024-06-06T20:18:27.551Z",
        "dateUpdated": "2024-08-02T03:50:56.151Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4609 (GCVE-0-2024-4609)

    Vulnerability from nvd – Published: 2024-05-16 15:13 – Updated: 2024-08-01 20:47
    VLAI
    Title
    Rockwell Automation Datalog Function within in FactoryTalk® View SE contains SQL Injection Vulnerability
    Summary
    A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation FactoryTalk® View SE Affected: <14
    Create a notification for this product.
    rockwellautomation factorytalk_view Affected: 0 , < 14 (custom)
        cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-16 14:58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "factorytalk_view",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThan": "14",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T18:10:40.296727Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:53:40.228Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:47:41.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1670.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk\u00ae View SE",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c14"
                }
              ]
            }
          ],
          "datePublic": "2024-05-16T14:58:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eA vulnerability exists in the Rockwell Automation FactoryTalk\u00ae View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime. \u0026nbsp; \u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n"
                }
              ],
              "value": "A vulnerability exists in the Rockwell Automation FactoryTalk\u00ae View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-16T15:13:45.048Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1670.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003eCorrected in v11,12, 13 and later.\u003c/li\u003e\u003cli\u003e\n\n\u003cp\u003eUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices, where possible.\u202f\u202f\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u202f\u202f\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "*  Corrected in v11,12, 13 and later.\n  *  \n\nUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices, where possible.\u202f\u202f\n\n\u00a0\n\n  *   Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation Datalog Function within in FactoryTalk\u00ae View SE contains SQL Injection Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-4609",
        "datePublished": "2024-05-16T15:13:45.048Z",
        "dateReserved": "2024-05-07T14:56:25.894Z",
        "dateUpdated": "2024-08-01T20:47:41.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37369 (GCVE-0-2024-37369)

    Vulnerability from cvelistv5 – Published: 2024-06-14 16:50 – Updated: 2024-08-02 03:50
    VLAI
    Title
    Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions
    Summary
    A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation FactoryTalk® View SE Affected: 12.0
    Create a notification for this product.
    rockwellautomation factorytalk_view Affected: 12.0 , < 14.0 (custom)
        cpe:2.3:a:rockwellautomation:factorytalk_view:-:*:*:*:se:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-13 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:rockwellautomation:factorytalk_view:-:*:*:*:se:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "factorytalk_view",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThan": "14.0",
                    "status": "affected",
                    "version": "12.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-14T18:11:26.338616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-14T18:13:03.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:56.129Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1674.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk\u00ae View SE",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0"
                }
              ]
            }
          ],
          "datePublic": "2024-06-13T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.\u003c/span\u003e\n\n"
                }
              ],
              "value": "A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-14T16:50:20.187Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1674.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003e\u003cb\u003eAFFECTED PRODUCTS AND SOLUTION\u003c/b\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eCorrected in software version \u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eFactoryTalk\u00ae View SE\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eV12.0\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003ev14\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003cp\u003e\u003cb\u003eMitigations and Workarounds \u003c/b\u003e\u003c/p\u003e\u003cp\u003eUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eUse the Secure Install option when installing FactoryTalk\u00ae Services Platform.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "AFFECTED PRODUCTS AND SOLUTION\n\n\u00a0\n\n\u00a0\n\nAffected Product\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nFirst Known in software version\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in software version \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nFactoryTalk\u00ae View SE\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nV12.0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv14\n\n\u00a0\n\n\n\n\nMitigations and Workarounds \n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\n\n  *  Use the Secure Install option when installing FactoryTalk\u00ae Services Platform.\n\n\n\n\n  *   Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation FactoryTalk\u00ae View SE Local Privilege Escalation Vulnerability via Local File Permissions",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-37369",
        "datePublished": "2024-06-14T16:50:20.187Z",
        "dateReserved": "2024-06-06T20:18:27.551Z",
        "dateUpdated": "2024-08-02T03:50:56.129Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37368 (GCVE-0-2024-37368)

    Vulnerability from cvelistv5 – Published: 2024-06-14 14:30 – Updated: 2024-08-02 03:50
    VLAI
    Title
    Rockwell Automation FactoryTalk® View SE v11 Information Leakage Vulnerability via Authentication Restriction
    Summary
    A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation FactoryTalk® View SE Affected: v11.0
    Create a notification for this product.
    rockwellautomation factorytalk_view Affected: v11.0 , < v14.0 (custom)
        cpe:2.3:a:rockwellautomation:factorytalk_view:-:*:*:*:se:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-13 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:rockwellautomation:factorytalk_view:-:*:*:*:se:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "factorytalk_view",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThan": "v14.0",
                    "status": "affected",
                    "version": "v11.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37368",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-18T16:26:32.782829Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T16:33:16.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:56.219Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1676.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk\u00ae View SE",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v11.0"
                }
              ]
            }
          ],
          "datePublic": "2024-06-13T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user authentication vulnerability exists in the Rockwell Automation\u0026nbsp;FactoryTalk\u00ae View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer\u2019s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification.\u003c/span\u003e\n\n"
                }
              ],
              "value": "A user authentication vulnerability exists in the Rockwell Automation\u00a0FactoryTalk\u00ae View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer\u2019s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-14T14:30:53.422Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1676.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003eCorrected in software version v14.0.\u003c/li\u003e\u003cli\u003e\n\n\u003cp\u003eUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eIt is recommended that users enforce proper access controls within the network and segment networks containing sensitive information using IPSec: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1090456\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1090456\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practice\u003c/a\u003es\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "*  Corrected in software version v14.0.\n  *  \n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\n\n  *  It is recommended that users enforce proper access controls within the network and segment networks containing sensitive information using IPSec:  https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1090456 \n\n\n\n\n  *   Security Best Practice https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight s"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation FactoryTalk\u00ae View SE v11 Information Leakage Vulnerability via Authentication Restriction",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-37368",
        "datePublished": "2024-06-14T14:30:53.422Z",
        "dateReserved": "2024-06-06T20:18:27.551Z",
        "dateUpdated": "2024-08-02T03:50:56.219Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37367 (GCVE-0-2024-37367)

    Vulnerability from cvelistv5 – Published: 2024-06-14 14:17 – Updated: 2024-08-02 03:50
    VLAI
    Title
    Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction
    Summary
    A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Date Public
    2024-06-13 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-17T15:37:14.017276Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-17T15:37:26.533Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:56.151Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1675.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk\u00ae View SE",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v12"
                }
              ]
            }
          ],
          "datePublic": "2024-06-13T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user authentication vulnerability exists in the Rockwell Automation FactoryTalk\u00ae View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer\u2019s server to view an HMI project.  This action is allowed without proper authentication verification.\u003c/span\u003e\n\n"
                }
              ],
              "value": "A user authentication vulnerability exists in the Rockwell Automation FactoryTalk\u00ae View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer\u2019s server to view an HMI project.  This action is allowed without proper authentication verification."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-14T14:17:54.951Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1675.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cul\u003e\u003cli\u003eCorrected in software version v14.0. \u003c/li\u003e\u003cli\u003e\u003cp\u003eUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eIt is recommended that users enforce proper access controls within the network and segment networks containing sensitive information using IPSec: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1090456\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1090456\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "*  Corrected in software version v14.0. \n  *  Users using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\n\n  *  It is recommended that users enforce proper access controls within the network and segment networks containing sensitive information using IPSec:  https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1090456 \n\n\n\n\n  *   Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation FactoryTalk\u00ae View SE v12 Information Leakage Vulnerability via Authentication Restriction",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-37367",
        "datePublished": "2024-06-14T14:17:54.951Z",
        "dateReserved": "2024-06-06T20:18:27.551Z",
        "dateUpdated": "2024-08-02T03:50:56.151Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4609 (GCVE-0-2024-4609)

    Vulnerability from cvelistv5 – Published: 2024-05-16 15:13 – Updated: 2024-08-01 20:47
    VLAI
    Title
    Rockwell Automation Datalog Function within in FactoryTalk® View SE contains SQL Injection Vulnerability
    Summary
    A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation FactoryTalk® View SE Affected: <14
    Create a notification for this product.
    rockwellautomation factorytalk_view Affected: 0 , < 14 (custom)
        cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-16 14:58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:rockwellautomation:factorytalk_view:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "factorytalk_view",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThan": "14",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T18:10:40.296727Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:53:40.228Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:47:41.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1670.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk\u00ae View SE",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c14"
                }
              ]
            }
          ],
          "datePublic": "2024-05-16T14:58:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eA vulnerability exists in the Rockwell Automation FactoryTalk\u00ae View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime. \u0026nbsp; \u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n"
                }
              ],
              "value": "A vulnerability exists in the Rockwell Automation FactoryTalk\u00ae View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-16T15:13:45.048Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1670.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003eCorrected in v11,12, 13 and later.\u003c/li\u003e\u003cli\u003e\n\n\u003cp\u003eUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices, where possible.\u202f\u202f\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u202f\u202f\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "*  Corrected in v11,12, 13 and later.\n  *  \n\nUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices, where possible.\u202f\u202f\n\n\u00a0\n\n  *   Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation Datalog Function within in FactoryTalk\u00ae View SE contains SQL Injection Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-4609",
        "datePublished": "2024-05-16T15:13:45.048Z",
        "dateReserved": "2024-05-07T14:56:25.894Z",
        "dateUpdated": "2024-08-01T20:47:41.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }