Loading

FactoryTalk® View ME on PanelView™ Plus 7 Boot Terminal lack Security Protections

Severity:
Medium
Advisory ID:
SD1663
Published Date:
March 21, 2024
Last Updated:
December 03, 2024
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
Não
Corrected:
Sim
Workaround:
Não
CVE IDs
CVE-2024-21914
Downloads
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
JSON
Summary
FactoryTalk® View ME on PanelView™ Plus 7 Boot Terminal lack Security Protections

Published Date: March 21, 2024
Last updated: August 5, 2025
Revision Number: 1.0
CVSS Score: v3.1 5.3/10, v.4.0 6.9/10

The security of our products is important to us as your industrial automation supplier. This issue was found internally during routine testing and is being reported based on our commitment to transparency and all business environments.

AFFECTED PRODUCTS AND SOLUTION

Affected Product

First Known in software version

Corrected in software version

FactoryTalk® View ME

<v14

V11

V12

V13

V14

SECURITY ISSUE DETAILS

Rockwell Automation used CVSS v3.1 and v4.0 scoring system to assess the following security issues.

CVE-2024-21914 IMPACT

A security issue exists in the affected product. This allows a threat actor to restart the PanelView™ Plus 7 terminal remotely without security protections. This could lead to the loss of view or control of the PanelView™ product.

CVSS 3.1 Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 4.0 Base Score: 6.9

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE: Improper security protection for remote restart action

Known Exploited Vulnerability (KEV) database:  No

Users can use Stakeholder-Specific Vulnerability Categorization to create more environment-specific categories.

Mitigations and Workarounds

Customers using the affected software that are unable to upgrade to the corrected versions should use security best practices.

Security Best Practices

 ADDITIONAL RESOURCES

  • JSON CVE 2024-21914

Glossary

Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Página inicial da Rockwell Automation Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Atualize suas preferências de cookies para continuar.
Este recurso requer cookies para melhorar sua experiência. Atualize suas preferências para permitir esses cookies:
  • Cookies de Redes Sociais
  • Cookies Funcionais
  • Cookies de Desempenho
  • Cookies de Marketing
  • Todos os Cookies
Você pode atualizar suas preferências a qualquer momento. Para mais informações, consulte nosso {0} Política de Privacidade
CloseClose