Loading

FactoryTalk® View ME on PanelView™ Plus 7 Boot Terminal lack Security Protections

Severity:
Medium
Advisory ID:
SD1663
Data pubblicazione:
March 21, 2024
Ultimo aggiornamento:
December 03, 2024
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
Sì
Workaround:
No
CVE IDs
CVE-2024-21914
Download
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
JSON
Riepilogo
FactoryTalk® View ME on PanelView™ Plus 7 Boot Terminal lack Security Protections

Published Date: March 21, 2024
Last updated: August 5, 2025
Revision Number: 1.0
CVSS Score: v3.1 5.3/10, v.4.0 6.9/10

The security of our products is important to us as your industrial automation supplier. This issue was found internally during routine testing and is being reported based on our commitment to transparency and all business environments.

AFFECTED PRODUCTS AND SOLUTION

Affected Product

First Known in software version

Corrected in software version

FactoryTalk® View ME

<v14

V11

V12

V13

V14

SECURITY ISSUE DETAILS

Rockwell Automation used CVSS v3.1 and v4.0 scoring system to assess the following security issues.

CVE-2024-21914 IMPACT

A security issue exists in the affected product. This allows a threat actor to restart the PanelView™ Plus 7 terminal remotely without security protections. This could lead to the loss of view or control of the PanelView™ product.

CVSS 3.1 Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 4.0 Base Score: 6.9

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE: Improper security protection for remote restart action

Known Exploited Vulnerability (KEV) database:  No

Users can use Stakeholder-Specific Vulnerability Categorization to create more environment-specific categories.

Mitigations and Workarounds

Customers using the affected software that are unable to upgrade to the corrected versions should use security best practices.

Security Best Practices

 ADDITIONAL RESOURCES

  • JSON CVE 2024-21914

Glossary

Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Home Rockwell Automation Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Aggiorna le tue preferenze sui cookie per continuare.
Questa funzionalità richiede i cookie per migliorare la tua esperienza. Ti preghiamo di aggiornare le tue preferenze per consentire questi cookie:
  • Cookie dei social media
  • Cookie funzionali
  • Cookie di prestazione
  • Cookie di marketing
  • Tutti i cookie
Puoi aggiornare le tue preferenze in qualsiasi momento. Per ulteriori informazioni consultare il nostro {0} politica sulla riservatezza
CloseClose