ID

VAR-202405-3782


CVE

CVE-2024-4609


TITLE

Rockwell Automation FactoryTalk View SE SQL Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-26044

DESCRIPTION

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States

Trust: 1.44

sources: NVD: CVE-2024-4609 // CNVD: CNVD-2024-26044

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-26044

AFFECTED PRODUCTS

vendor:rockwellmodel:automation factorytalk view sescope:ltversion:14.0

Trust: 0.6

sources: CNVD: CNVD-2024-26044

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2024-26044
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-26044
severity: HIGH
baseScore: 8.0
vectorString: AV:N/AC:L/AU:S/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2024-26044

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2024-4609

PATCH

title:Patch for Rockwell Automation FactoryTalk View SE SQL Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/554336

Trust: 0.6

sources: CNVD: CNVD-2024-26044

EXTERNAL IDS

db:NVDid:CVE-2024-4609

Trust: 1.6

db:CNVDid:CNVD-2024-26044

Trust: 0.6

sources: CNVD: CNVD-2024-26044 // NVD: CVE-2024-4609

REFERENCES

url:https://www.rockwellautomation.com/en-us/support/advisory.sd1670.html

Trust: 1.0

url:https://cxsecurity.com/cveshow/cve-2024-4609/

Trust: 0.6

sources: CNVD: CNVD-2024-26044 // NVD: CVE-2024-4609

SOURCES

db:CNVDid:CNVD-2024-26044
db:NVDid:CVE-2024-4609

LAST UPDATE DATE

2024-08-14T14:29:49.457000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-26044date:2024-06-05T00:00:00
db:NVDid:CVE-2024-4609date:2024-05-17T18:36:31.297

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-26044date:2024-06-06T00:00:00
db:NVDid:CVE-2024-4609date:2024-05-16T16:15:10.750