Rockwell Automation‘s FactoryTalk View SE, a widely-used industrial control system software, has been found to contain a critical vulnerability (CVE-2024-4609) due to improper input validation. This vulnerability allows an attacker to inject malicious SQL statements into the database, potentially exposing sensitive information and enabling modification or deletion of data. The flaw affects versions prior to 14.0 and poses significant risks, especially since it can be exploited remotely with low attack complexity.
The vulnerability primarily impacts HMI design time rather than runtime, but the consequences of successful exploitation can be severe. Critical infrastructure sectors such as Chemical, Energy, and Water and Wastewater Systems that rely on this software are particularly at risk. Rockwell Automation, headquartered in the United States, has acknowledged the issue and reported it to CISA, recommending an upgrade to version 14 to address the vulnerability.
CISA advises additional defensive measures, including minimizing network exposure of control system devices, using firewalls, and employing secure remote access methods like VPNs. Organizations should also implement proactive cybersecurity strategies and conduct thorough risk assessments before deploying these defenses. For further guidance and best practices, resources are available on the CISA ICS webpage. No public exploitation of this specific vulnerability has been reported, but vigilance and immediate action are urged to protect against potential threats.
Reference:
