1. EXECUTIVE SUMMARY
- CVSS v4 6.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: FactoryTalk View ME
- Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to the loss of view or control of the PanelView product.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of FactoryTalk View ME, an HMI software application, are affected:
- FactoryTalk View ME: prior to v14
3.2 Vulnerability Overview
3.2.1 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CWE-79
A vulnerability exists in the affected product that allows a malicious user to restart the PanelView Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView product.
CVE-2024-21914 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-21914 has been assigned to this vulnerability. A CVSS v4 base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION:<
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: