FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-4609

Improper Input Validation (CWE-20)

Published: May 16, 2024 / Updated: 6mo ago

010
CVSS 8.8EPSS 0.04%High
CVE info copied to clipboard

Summary

A vulnerability exists in the Rockwell Automation FactoryTalk View SE Datalog function that could allow an attacker to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. This could lead to information exposure, revealing sensitive data, as well as potential modification or deletion of data in the remote database. However, the vulnerability only affects the HMI design time, not the runtime.

Impact

An attacker could exploit this vulnerability to gain unauthorized access to sensitive information stored in the database, as well as potentially modify or delete data. This could disrupt industrial operations, lead to system downtime, and potentially cause safety issues if critical data is tampered with. The attack would only affect the HMI design time, not runtime, which limits the immediate operational impact but still poses significant risks to data integrity and confidentiality.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Rockwell Automation has released a security advisory (SD1679) on July 16, 2024, addressing this vulnerability in the FactoryTalk View SE Datalog function.

Mitigation

1. Apply the patch released by Rockwell Automation as soon as possible. 2. Ensure the SQL database is properly configured with strong authentication and access controls to prevent unauthorized access. 3. Implement the principle of least privilege and only grant the minimum necessary permissions to users and processes. 4. Monitor systems for any suspicious activity, especially during HMI design time operations. 5. Keep all software components up-to-date with the latest security patches. 6. If immediate patching is not possible, consider isolating or limiting network access to the affected systems. 7. Implement strong credential management practices to prevent credential theft. 8. Regularly audit and review database access logs for any signs of unauthorized access or suspicious queries.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-4609. See article

May 16, 2024 at 3:36 PM / CVE
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

May 16, 2024 at 3:36 PM
CVSS Estimate

Feedly estimated the CVSS score as HIGH

May 16, 2024 at 3:56 PM
CVE Assignment

NVD published the first details for CVE-2024-4609

May 16, 2024 at 4:15 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

May 16, 2024 at 4:36 PM
CVSS Estimate

Feedly estimated the CVSS score as HIGH

May 16, 2024 at 5:16 PM
Trending

This CVE started to trend in security discussions

May 16, 2024 at 7:39 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 8.6%)

May 17, 2024 at 10:52 AM
Trending

This CVE stopped trending in security discussions

May 19, 2024 at 4:27 PM
Static CVE Timeline Graph

Affected Systems

Rockwellautomation/factorytalk_view
+null more

Patches

Rockwell Automation Datalog Function within in FactoryTalk® View SE contains SQL Injection Vulnerability
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

Vendor Advisory

SD1679 | Input Validation Vulnerability exists in the SequenceManager™ Server
Rockwell Automation Security Advisories / 4mo
Document Id: SD1679 Published Date: 2024-07-16T00:00:00+00:00 Last Updated Date: 2024-07-16T00:00:00+00:00 Associated CVE Id CVE-2024-4609 - Rockwell Automation Datalog Function within in FactoryTalk® View SE contains SQL Injection Vulnerability A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime. CWE ID : CWE-20 CAPEC ID : CAPEC-153 CVSS V4 Base Score :

News

Denial of service in Rockwell Automation SequenceManager
Security feed from CyberSecurity Help / 2mo
Update Thu Sep 12 22:27:22 UTC 2024
Recent Commits to cve:main / 2mo
Update Thu Sep 12 22:27:22 UTC 2024
CISA warns of ICS vulnerabilities in Viessmann, iniNet, Rockwell Automation, BPL Medical Technologies
Industrial Cyber / 2mo
The security agency warned of hardware vulnerabilities in Viessmann Climate Solutions; iniNet Solutions SpiderControl SCADA Web Server; and Rockwell Automation SequenceManager. In its advisory, CISA disclosed the presence of the use of hard-coded credentials, forced browsing, and command injection vulnerabilities in Viessmann Climate Solutions’ Vitogate 300 equipment deployed across the global commercial facilities sector.
CISA Releases Four Industrial Control Systems Advisories
NCSC-FI vulnerabilities summary 2024-09-10 / 2mo
Classification: Severe, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.3, CVEs: CVE-2023-5702, CVE-2024-8232, CVE-2024-4609, CVE-2024-34463, Summary: CISA released four Industrial Control Systems (ICS) advisory on September 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-254-01 Viessmann Climate Solutions SE Vitogate 300 ICSA-24-254-02 iniNet Solutions SpiderControl SCADA Web Server ICSA-24-254-03 Rockwell Automation SequenceManager ICSMA-24-254-01 BPL Medical Technologies PWS-01-BT and BPL Be Well Android Application
Rockwell Automation SequenceManager
IT Security News / 2mo
Successful exploitation of these vulnerabilities could cause a denial-of-service condition. The following versions of SequenceManager, a logix controller-based batch and sequencing solution, are affected:
See 14 more articles and social media posts

CVSS V3.1

Unknown

Categories

CWE-20(11385)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial