CVE-2024-21914:
A vulnerability in Rockwell Automation FactoryTalk View ME running on PanelView Plus 7 boot terminals allows a malicious user to remotely restart the terminal without security protections, potentially resulting in loss of view or control of the PanelView product. The issue affects versions earlier than v14.
Score
A numerical rating that indicates how dangerous this vulnerability is.
5.3Medium- Published Date:Mar 25, 2024
- CISA KEV Date:*No Data*
- Industries Affected:20
Threat Predictions
- EPSS Score:0.0
- EPSS Percentile:13%
Exploitability
- Score:3.9
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:1.4
- Confidentiality Impact:NONE
- Integrity Impact:NONE
- Availability Impact:LOW
Description Preview
A vulnerability in Rockwell Automation FactoryTalk View ME running on PanelView Plus 7 boot terminals allows a malicious user to remotely restart the terminal without security protections, potentially resulting in loss of view or control of the PanelView product. The issue affects versions earlier than v14.
Overview
This CVE covers a risk in FactoryTalk View ME on PanelView Plus 7 boot terminals where a remote restart can be initiated without proper security protections, potentially removing operators’ view or control over the PanelView device. The vulnerability affects versions older than v14 and carries a medium severity with network-based exploitation, requiring no user interaction or privileges. Mitigation centers on upgrading to a fixed release or applying vendor-recommended security practices to minimize exposure.
Remediation
- Upgrade to FactoryTalk View ME version 14 or later (the fixed release) to address the vulnerability.
- If upgrading is not possible, apply the vendor’s security best practices immediately:
- Limit exposure by isolating the PanelView Plus 7 terminal behind network boundaries (firewalls, segmentation) and restrict remote restart capabilities where feasible.
- Enforce strong access controls and authentication for management interfaces; disable anonymous remote restart features if available.
- Restrict remote management to trusted networks and apply principle of least privilege.
- Monitor and log restart attempts and review security advisories for additional defensive steps.
- Review and implement Rockwell Security Best Practices as outlined in their guidance: Security Best Practices link.
- Verify the remediation with a follow-up assessment or scan to confirm the vulnerability is mitigated.
- References for remediation guidance:
- Rockwell Automation Advisory SD1663: https://www.rockwellautomation.com/en-us/support/advisory.SD1663.html
- Security Best Practices: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight
References
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
