FactoryTalk View Studio
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12028 | | | 0.05 | — | 0.51 | | Jul 20, 2020 | In all versions of FactoryTalk View SE, a remote, authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built-in… |
| CVE-2020-12027 | | | 0.05 | — | 0.53 | | Jul 20, 2020 | All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built-in security features… |
| CVE-2020-12029 | | | 0.05 | — | 0.45 | | Jul 20, 2020 | All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation… |
| CVE-2024-45823 | | | 0.00 | — | 0.01 | | Sep 12, 2024 | An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information… |
| CVE-2024-37369 | | | 0.00 | — | 0.00 | | Jun 14, 2024 | A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. |
| CVE-2024-37368 | | | 0.00 | — | 0.01 | | Jun 14, 2024 | A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this… |
| CVE-2024-37367 | | | 0.00 | — | 0.01 | | Jun 14, 2024 | A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper… |
| CVE-2024-4609 | | | 0.00 | — | 0.01 | | May 16, 2024 | A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack… |
| CVE-2024-21914 | | | 0.00 | — | 0.01 | | Mar 25, 2024 | A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™… |
| CVE-2020-14480 | | | 0.00 | — | 0.00 | | Feb 24, 2022 | Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials. |
| CVE-2020-14481 | | | 0.00 | — | 0.00 | | Feb 24, 2022 | The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an… |
| CVE-2020-12031 | | | 0.00 | — | 0.01 | | Jul 20, 2020 | In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for arbitrary code execution. Rockwell Automation recommends applying patch… |
| CVE-2014-9209 | | | 0.00 | — | 0.01 | | Mar 31, 2015 | Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. |