Skip to main content

Factorytalk View CVE-2024-21914

MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2024-03-25 PSIRT@rockwellautomation.com
5.3
CVSS 3.1 · Vendor: rockwellautomation
Share

Severity by source

Vendor (rockwellautomation) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from Vendor (rockwellautomation) · only source for this CVE.

CVSS VectorVendor: rockwellautomation

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Mar 25, 2024 - 22:37 cve.org
MEDIUM 5.3

DescriptionCVE.org

A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product.

AnalysisAI

A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product. Affected products include: Rockwellautomation Factorytalk View.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2020-12028 HIGH POC
8.1 Jul 20

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to int

CVE-2020-12029 HIGH POC
7.8 Jul 20

All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. Rated high s

CVE-2020-12027 MEDIUM POC
4.3 Jul 20

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. Rated med

CVE-2023-2071 CRITICAL
9.8 Sep 12

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allo

CVE-2024-45824 CRITICAL
9.2 Sep 12

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. Rated critical severity (CVSS 9.2), t

CVE-2024-4609 HIGH
8.8 May 16

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor

CVE-2024-7513 HIGH
8.5 Aug 14

CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. Rated high severity (CVSS 8.5), this

CVE-2024-37369 HIGH
8.5 Jun 14

A privilege escalation vulnerability exists in the affected product. Rated high severity (CVSS 8.5), this vulnerability

CVE-2024-37368 HIGH
8.2 Jun 14

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. Rated high severity (CVSS 8.

CVE-2024-37367 HIGH
8.2 Jun 14

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. Rated high severity (CVS

CVE-2020-12031 HIGH
7.8 Jul 20

In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a lo

CVE-2023-46289 HIGH
7.5 Oct 27

Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow thr

Share

CVE-2024-21914 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy