Loading

FactoryTalk® View ME on PanelView™ Plus 7 Boot Terminal lack Security Protections

Severity:
Medium
Advisory ID:
SD1663
發佈日期:
March 21, 2024
最近更新:
December 03, 2024
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
否
Corrected:
是
Workaround:
否
CVE IDs
CVE-2024-21914
下載
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
JSON
摘要
FactoryTalk® View ME on PanelView™ Plus 7 Boot Terminal lack Security Protections

Published Date: March 21, 2024
Last updated: August 5, 2025
Revision Number: 1.0
CVSS Score: v3.1 5.3/10, v.4.0 6.9/10

The security of our products is important to us as your industrial automation supplier. This issue was found internally during routine testing and is being reported based on our commitment to transparency and all business environments.

AFFECTED PRODUCTS AND SOLUTION

Affected Product

First Known in software version

Corrected in software version

FactoryTalk® View ME

<v14

V11

V12

V13

V14

SECURITY ISSUE DETAILS

Rockwell Automation used CVSS v3.1 and v4.0 scoring system to assess the following security issues.

CVE-2024-21914 IMPACT

A security issue exists in the affected product. This allows a threat actor to restart the PanelView™ Plus 7 terminal remotely without security protections. This could lead to the loss of view or control of the PanelView™ product.

CVSS 3.1 Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 4.0 Base Score: 6.9

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE: Improper security protection for remote restart action

Known Exploited Vulnerability (KEV) database:  No

Users can use Stakeholder-Specific Vulnerability Categorization to create more environment-specific categories.

Mitigations and Workarounds

Customers using the affected software that are unable to upgrade to the corrected versions should use security best practices.

Security Best Practices

 ADDITIONAL RESOURCES

  • JSON CVE 2024-21914

Glossary

Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation 首頁 Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
請更新您的 cookie 設定以繼續.
此功能需要 cookie 來改善您的體驗。請更新您的設定以允許這些 cookie:
  • 社群媒體Cookie
  • 功能Cookie
  • 性能Cookie
  • 行銷Cookie
  • 全部Cookie
您可以隨時更新您的設定。想了解更多訊息,請參閱我們的 {0} 隱私政策
CloseClose