"Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE"

Rockwell Automation recently announced that it has patched three high-severity vulnerabilities in its FactoryTalk View Site Edition (SE) HMI software. The first vulnerability, CVE-2024-37368, is described as a user authentication issue that can lead to information leakage. The company noted that the vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Because proper authentication is lacking, the server allows this action without authentication verification. The second vulnerability, CVE-2024-37367, has the same description. The third FactoryTalk View SE issue, CVE-2024-37369, is a local privilege escalation vulnerability that allows low-privilege users to edit scripts, bypassing Access Control Lists and potentially gaining further access within the system. The company noted that the vulnerabilities have been patched with the release of version 14.

 

SecurityWeek reports: "Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE"

Submitted by Adam Ekwall on