Published Date: March 21, 2024
Last updated: March 21, 2024
Revision Number: 1.0
CVSS Score: v3.1 5.3/10, v.4.0 6.9/10
The security of our products is important to us as your chosen industrial automation supplier. This vulnerability was found internally during routine testing and is being reported based on our commitment to customer transparency.
AFFECTED PRODUCTS AND SOLUTION
Affected Product |
First Known in software version |
Corrected in software version |
FactoryTalk® View ME |
<v14 |
V14 |
VULNERABILITY DETAILS
Rockwell Automation used CVSS v3.1 and v4.0 scoring system to assess the following vulnerabilities.
CVE-2024-21914 IMPACT
A vulnerability exists in the affected product that allows a malicious user to restart the PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product.
CVSS 3.1 Base Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS 4.0 Base Score: 6.9
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CWE: Improper security protection for remote restart action
Known Exploited Vulnerability (KEV) database: No
Users can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
Mitigations and Workarounds
Users using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.
ADDITIONAL RESOURCES
