Rockwell Automation FactoryTalk View SE Incorrect Permission Assignment Vulnerability Allowing Unauthenticated Access to System Configuration

Vulnerability

A vulnerability exists in FactoryTalk View Site Edition versions prior to 15.0, including versions 12, 13, and 14. It is caused by incorrect permissions assigned to the remote debugger port, which can allow unauthenticated access to the system configuration.

Impact

Exploitation of this vulnerability could result in unauthorized access to system configuration settings, potentially allowing for further manipulation or disruption of the application.

Remediation

Users are advised to upgrade to version 15.0 or apply the patch available for version 14. For versions 12, 13, and 14, the specific patch information can be found in Rockwell Automation's Answer ID 1152304. Additionally, it is recommended to protect physical access to the workstation and restrict access to port 8091 at the network or workstation level.
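
One way to apply the workstation-level restriction on port 8091 with Windows Defender Firewall, as an added example that is not from Rockwell Automation or the original advisory. It assumes the port is TCP, that no remote host legitimately needs it, and an elevated PowerShell session; the rule name is a made-up label.

```powershell
#Requires -RunAsAdministrator
# Assumptions (not from the advisory): the port is TCP, no remote host
# legitimately needs it, and the rule name below is a hypothetical label.
$Port     = 8091
$RuleName = 'Block inbound TCP 8091 (FactoryTalk View SE mitigation)'

# 1. Is anything listening on the port, and which process owns it?
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if ($listeners) {
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        Write-Output ("Listening on {0}:{1} (PID {2}, {3})" -f `
            $l.LocalAddress, $Port, $l.OwningProcess, $proc.ProcessName)
    }
} else {
    Write-Output "Nothing is listening on TCP $Port right now."
}

# 2. Report enabled inbound allow rules that name the port explicitly.
#    Rules written as port ranges or 'Any' are not matched by this exact
#    comparison and need a manual review.
$allowRules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }
foreach ($r in $allowRules) {
    Write-Output ("Existing allow rule: {0}" -f $r.DisplayName)
}

# 3. Add the block rule once. In Windows Defender Firewall a block rule
#    overrides matching allow rules, so the rules listed in step 2 stop
#    granting access to this port while the block rule is enabled.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Block -Profile Any | Out-Null
    Write-Output "Created rule: $RuleName"
} else {
    Write-Output "Rule already present: $RuleName"
}
```

If specific engineering hosts must reach the port, do not use a block rule; instead scope the existing allow rule to those hosts with `Set-NetFirewallRule -RemoteAddress` and rely on the default inbound block.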

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.