Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE

Rockwell Automation has patched three high-severity vulnerabilities in its FactoryTalk View SE HMI software.

Rockwell Automation this week informed customers that it has patched three high-severity vulnerabilities in its FactoryTalk View Site Edition (SE) HMI software.

The industrial automation giant has published individual advisories for each of these flaws, all of which were found internally by the company.

One of them, CVE-2024-37368, has been described as a user authentication issue that can lead to information leakage.

“The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification,” the vendor explained in its advisory.

The second security hole, CVE-2024-37367, has the same description.

The third FactoryTalk View SE issue, CVE-2024-37369, is a local privilege escalation vulnerability that “allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system”.

The vulnerabilities have been patched with the release of version 14.

The cybersecurity agency CISA has also published advisories to inform organizations about these FactoryTalk View SE vulnerabilities.

Rockwell this week also told customers about a vulnerability affecting some of its ControlLogix, GuardLogix, and CompactLogix controllers.

The flaw can cause all affected controllers on the same network to enter a nonrecoverable fault condition by sending specially crafted packets to the mDNS port. 

Rockwell Automation recently issued a security notice urging customers to ensure that their industrial control systems (ICS) are not connected to the internet and exposed to cyber threats.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.