CVE-2024-37369

CVSS 3.1 Base Score: 8.8 (HIGH)

📋 TL;DR

This privilege escalation vulnerability in Rockwell Automation FactoryTalk View Site Edition lets an authenticated low-privilege user edit project scripts and bypass the product's Access Control Lists (ACLs). Because the edited scripts are not constrained to the editing user's rights, an attacker who already holds an operator-level account can gain elevated privileges on the HMI server and use it to reach further into the industrial control system. Organizations running affected versions of FactoryTalk View Site Edition are at risk.

💻 Affected Systems

Products:
  • Rockwell Automation FactoryTalk View Site Edition
Versions: prior to 13.0.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where FactoryTalk View Site Edition is installed with default configurations.

📦 What is this software?

FactoryTalk View Site Edition (SE) is Rockwell Automation's distributed HMI/SCADA software for supervisory-level monitoring and control of plant processes. It runs on Windows, and its projects (displays, macros and scripts) live on HMI servers that operators and engineers share, which is why a script-editing ACL bypass reachable from a low-privilege account matters.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with a foothold as a low-privilege user edits scripts that run outside that user's ACL constraints and gains full administrative control over the HMI server and the industrial processes it supervises, enabling sabotage, data theft or disruption of critical operations.

🟠 Likely Case

Malicious insiders or compromised operator accounts escalate privileges to access sensitive systems, modify HMI configurations or install malware.

🟢 If Mitigated

With network segmentation, least-privilege accounts and tightened project-folder permissions, impact is limited to isolated systems with minimal operational disruption.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: LOW

Exploitation requires an existing, authenticated low-privilege account on the affected system; no user interaction by a victim is needed. No public proof-of-concept was known when this page was written, but the low complexity means any compromised operator login or malicious insider is a realistic starting point.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 13.0.0 or later

Vendor Advisory: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1674.html

Restart Required: Yes

Instructions:

1. Download FactoryTalk View Site Edition version 13.0.0 or later from the Rockwell Automation Product Compatibility and Download Center.
2. Back up the current projects and configuration.
3. Install the update following the vendor instructions.
4. Restart the affected systems.

🔧 Temporary Workarounds

Restrict Script Editing Permissions

windows

Tighten the NTFS ACLs on the FactoryTalk View SE project folder and any shared script locations so that accounts which only need to run displays hold read and execute rights, not Modify, and enable write auditing on the folder. This is defense in depth: it narrows who can reach the script files but does not remove the ACL bypass inside the product, so it does not replace the patch.

Implement Least Privilege Access

all

Review every FactoryTalk and Windows account on the HMI servers and remove rights beyond what each role needs (operators run displays; only designated engineers edit projects). Remove stale and shared accounts, since the vulnerability needs nothing more than a low-privilege login.
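The two workarounds above can be carried out together on the HMI server. The script below is an added example written for this page; it is not Rockwell code and does not fix the vulnerability, it only removes write-capable NTFS permissions from identities that are not on an allowlist and turns on write auditing so later edits are logged. The project path and the group names are assumptions to adjust for your site, and any service account the HMI server runs under must be kept in the allowlist.

```powershell
# Added example for this page; not vendor code and not a substitute for the 13.0.0 update.
# Reports and then removes write-capable NTFS permissions on the FactoryTalk View SE project
# folder for every identity outside an allowlist, and adds a Success audit SACL so that edits
# surface as Event ID 4663. Run in an elevated PowerShell session on the HMI server.
#
# ASSUMPTIONS to adjust for your site: $ProjectRoot (the product's usual default is shown) and
# the identities in $AllowedWriters. Any service account the HMI server runs under must stay
# in the allowlist, or the runtime itself will be unable to write to its project.
$ProjectRoot    = 'C:\Users\Public\Documents\RSView Enterprise\SE\HMI projects'   # assumed path
$AllowedWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                    'CONTOSO\HMI-Developers')                                     # assumed names

# Rights that let a principal change or replace script files. GENERIC_WRITE (0x40000000) and
# GENERIC_ALL (0x10000000) are added because inherited ACEs sometimes carry generic bits.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$WriteMask   = [int]$WriteRights -bor 0x40000000 -bor 0x10000000
$Inherit     = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'

function Get-UnexpectedWriters {
    # Every Allow ACE on $Path that grants write-type rights to an identity not in $Allowed.
    param([string]$Path, [string[]]$Allowed)
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights) -band $WriteMask) -ne 0 -and
        $Allowed -notcontains $_.IdentityReference.Value
    }
}

function Protect-ProjectFolder {
    # 1. Break inheritance but keep copies of the inherited ACEs so they can be edited explicitly.
    # 2. Downgrade each unexpected write-capable ACE to ReadAndExecute.
    # 3. Audit successful Write/Delete by anyone so 4663 events are produced for the SIEM.
    param([string]$Path, [string[]]$Allowed)

    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $Path -AclObject $acl

    $acl = Get-Acl -Path $Path -Audit
    foreach ($ace in @(Get-UnexpectedWriters -Path $Path -Allowed $Allowed)) {
        [void]$acl.RemoveAccessRule($ace)
        $readOnly = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $ace.IdentityReference, 'ReadAndExecute', $Inherit, 'None', 'Allow')
        $acl.AddAccessRule($readOnly)
    }
    $auditRule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone', 'Write, Delete', $Inherit, 'None', 'Success')
    $acl.AddAuditRule($auditRule)
    Set-Acl -Path $Path -AclObject $acl

    # The SACL only yields 4663 events once the File System audit subcategory is on.
    auditpol.exe /set /subcategory:"File System" /success:enable | Out-Null
}

# Review first; apply only after confirming nothing the runtime depends on is in the report.
Get-UnexpectedWriters -Path $ProjectRoot -Allowed $AllowedWriters |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
# Protect-ProjectFolder -Path $ProjectRoot -Allowed $AllowedWriters
```

Run the report first on a staging HMI server: the default Public Documents location grants broad write access through inherited ACEs, and the report shows exactly which identities would lose it. NTFS permissions sit beside, not instead of, the product's own FactoryTalk security configuration, so keep both aligned with the least-privilege review above.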

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems from critical infrastructure
  • Enhance monitoring and logging of script modification activities and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the FactoryTalk View Site Edition version in Control Panel > Programs and Features (or Settings > Apps). Versions below 13.0.0 are vulnerable.

Check Version:

wmic product where "name like 'FactoryTalk View%'" get name,version

Note that wmic is deprecated in current Windows releases and Win32_Product queries are slow; reading the version from the registry uninstall keys gives the same answer without either drawback.

Verify Fix Applied:

Verify version is 13.0.0 or higher and test that low-privilege users cannot edit scripts.
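For fleet-wide verification, the following added example (written for this page, not vendor tooling) reads the installed FactoryTalk View SE entries from the machine's uninstall registry keys and flags anything below 13.0.0. The display-name pattern it matches on is an assumption; adjust it if your installation registers a different name.

```powershell
# Added example (not Rockwell code): list FactoryTalk View Site Edition installs from the
# 64-bit and 32-bit uninstall registry hives and flag versions below the fixed 13.0.0.
# ASSUMPTION: the product's DisplayName contains "FactoryTalk View" followed by
# "Site Edition" or "SE"; change $NamePattern if your install registers differently.
$FixedVersion = [version]'13.0.0'
$NamePattern  = 'FactoryTalk View.*(Site Edition|\bSE\b)'   # assumed display-name pattern

function Get-FtViewSeInstalls {
    # Uninstall entries are the same data Programs and Features displays, without wmic.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $NamePattern } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

function Test-FtViewSeVulnerable {
    # Emits one row per install with an IsVulnerable flag. Only the leading dotted number of
    # DisplayVersion is compared, and it is padded to three parts because [version]'13.0'
    # would otherwise sort below [version]'13.0.0' and give a false positive.
    param([Parameter(ValueFromPipeline)]$Install)
    process {
        $m = [regex]::Match([string]$Install.DisplayVersion, '^\d+(\.\d+){1,3}')
        $parsed = $null
        if ($m.Success) {
            $parts = $m.Value.Split('.')
            while ($parts.Count -lt 3) { $parts += '0' }
            $parsed = [version]($parts -join '.')
        }
        $vulnerable = if ($parsed) { $parsed -lt $FixedVersion } else { 'unknown (unparseable version)' }
        [pscustomobject]@{
            DisplayName    = $Install.DisplayName
            DisplayVersion = $Install.DisplayVersion
            Parsed         = $parsed
            IsVulnerable   = $vulnerable
        }
    }
}

$results = Get-FtViewSeInstalls | Test-FtViewSeVulnerable
if (-not $results) {
    Write-Output 'No FactoryTalk View SE entry found in the uninstall registry keys.'
} else {
    $results | Format-Table -AutoSize
}
```

Wrap the call in Invoke-Command to run it across all HMI servers and engineering workstations; an "unknown" result means the version string did not parse and should be checked by hand rather than treated as patched.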

📡 Detection & Monitoring

Log Indicators:

  • Unexpected modifications to files under the FactoryTalk View SE project folder (Event ID 4663 with a write or delete access mask, once file auditing is enabled)
  • Privilege escalation attempts: low-privilege accounts appearing in administrative operations or being added to privileged groups (Event IDs 4728 and 4732)
  • Access to administrative functions in FactoryTalk View by accounts outside the approved editor list

Network Indicators:

  • Low-privilege operator accounts connecting from HMI clients to hosts or services they do not normally reach (engineering workstations, other HMI servers, domain controllers)

SIEM Query:

EventID=4663 AND ObjectName LIKE "<FTView SE project folder>\%" AND AccessMask IN ("0x2", "0x4", "0x6", "0x10000") AND SubjectUserName NOT IN (approved_hmi_editors)

This query needs the "File System" audit subcategory enabled and a Write/Delete SACL on the project folder; the access masks are WriteData (0x2), AppendData (0x4), both (0x6) and DELETE (0x10000). A process-creation variant must use the 4688 field names, NewProcessName and CommandLine (4688 has no ProcessName field), and CommandLine is only populated when "Include command line in process creation events" is enabled; keyword matches such as "%script%" or "%edit%" are noisy and should be scoped to accounts outside the approved editor list.
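Where no SIEM collects the HMI server's Security log, the same two hunts can be run locally. The script below is an added example for this page, not Rockwell code: it flattens 4663 and 4688 records into their EventData fields, keeps project-folder writes and process launches by accounts that are not approved editors, and returns objects that can be exported to the SIEM. The project path and approved-editor list are assumptions.

```powershell
# Added example (not vendor code): local hunt over the Security log for the indicators above.
# 4663 requires the File System audit subcategory and a Write/Delete SACL on the project folder;
# 4688 CommandLine is only present when "Include command line in process creation events" is on.
# ASSUMPTIONS: $ProjectRoot (the product's usual default) and $ApprovedEditors.
$ProjectRoot     = 'C:\Users\Public\Documents\RSView Enterprise\SE\HMI projects'   # assumed path
$ApprovedEditors = @('CONTOSO\HMI-Dev01', 'SYSTEM')                               # assumed names
$Since           = (Get-Date).AddDays(-7)

function ConvertTo-EventRecord {
    # Flatten the EventData XML into one object whose properties are the field names
    # (SubjectUserName, ObjectName, AccessMask, NewProcessName, CommandLine, ...).
    param([Parameter(ValueFromPipeline)][System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    process {
        $xml = [xml]$Event.ToXml()
        $h = @{ EventID = $Event.Id; TimeCreated = $Event.TimeCreated }
        foreach ($d in $xml.Event.EventData.Data) { $h[$d.Name] = $d.'#text' }
        [pscustomobject]$h
    }
}

function Get-UnapprovedProjectWrites {
    # 4663 events whose access mask carries WriteData/AddFile (0x2), AppendData (0x4) or
    # DELETE (0x10000) on an object under the project folder, by a non-approved account.
    param([string]$Path, [string[]]$Approved, [datetime]$StartTime)
    $writeBits = 0x2 -bor 0x4 -bor 0x10000
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $StartTime } -ErrorAction SilentlyContinue |
        ConvertTo-EventRecord |
        Where-Object {
            $_.ObjectName -like "$Path*" -and
            (([convert]::ToInt32($_.AccessMask, 16)) -band $writeBits) -ne 0 -and
            $Approved -notcontains "$($_.SubjectDomainName)\$($_.SubjectUserName)" -and
            $Approved -notcontains $_.SubjectUserName
        } |
        Select-Object TimeCreated, SubjectUserName, ProcessName, AccessMask, ObjectName
}

function Get-UnapprovedEditProcesses {
    # 4688 events from non-approved, non-machine accounts whose image path or command line
    # mentions scripting or editing. This mirrors the page's coarse SIEM filter and is noisy;
    # treat hits as leads to pivot on, not alerts.
    param([string[]]$Approved, [datetime]$StartTime)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $StartTime } -ErrorAction SilentlyContinue |
        ConvertTo-EventRecord |
        Where-Object {
            $Approved -notcontains $_.SubjectUserName -and
            $_.SubjectUserName -notlike '*$' -and
            ($_.NewProcessName -match 'script' -or $_.CommandLine -match 'edit')
        } |
        Select-Object TimeCreated, SubjectUserName, NewProcessName, CommandLine
}

Get-UnapprovedProjectWrites -Path $ProjectRoot -Approved $ApprovedEditors -StartTime $Since |
    Format-Table -AutoSize
Get-UnapprovedEditProcesses -Approved $ApprovedEditors -StartTime $Since |
    Format-Table -AutoSize
```

Both functions return objects, so they can be piped to Export-Csv or forwarded to a collector; the 4663 hunt is the higher-fidelity of the two because it watches the files the vulnerability actually targets, while the 4688 hunt only narrows down which account to look at next.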

🔗 References

Rockwell Automation security advisory SD1674: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1674.html