SecurityWeek

ICS/OT

Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE

Rockwell Automation has patched three high-severity vulnerabilities in its FactoryTalk View SE HMI software.

Rockwell Automation this week informed customers that it has patched three high-severity vulnerabilities in its FactoryTalk View Site Edition (SE) HMI software.

The industrial automation giant has published individual advisories for each of these flaws, all of which were found internally by the company.

One of them, CVE-2024-37368, has been described as a user authentication issue that can lead to information leakage.

“The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification,” the vendor explained in its advisory.

The second security hole, CVE-2024-37367, has the same description.

The third FactoryTalk View SE issue, CVE-2024-37369, is a local privilege escalation vulnerability that “allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system”.

The vulnerabilities have been patched with the release of version 14.

The cybersecurity agency CISA has also published advisories to inform organizations about these FactoryTalk View SE vulnerabilities.

Rockwell this week also told customers about a vulnerability affecting some of its ControlLogix, GuardLogix, and CompactLogix controllers.

The flaw can be exploited to cause all affected controllers on the same network to enter a nonrecoverable fault condition by sending specially crafted packets to the mDNS port.

Rockwell Automation recently issued a security notice urging customers to ensure that their industrial control systems (ICS) are not connected to the internet and exposed to cyber threats.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.