ICSA-24-317-03  ·  Published 2024-11-12  ·  Source: CISA ICS-CERT

Rockwell Automation FactoryTalk View ME

CVSS 7.3 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow a local, low-privileged user who can write to the HMI projects folder to modify a macro in a project file so that it executes arbitrary code, and thereby escalate privileges.

CVEs (1)

Remediations

  • Rockwell Automation has corrected this problem in V15.0.
  • Rockwell Automation encourages users of the affected software, who are not able to upgrade to one of the corrected versions, to apply the following risk mitigations where possible.
  • To help prevent unauthorized modification of HMI project files, harden the Windows OS by removing the built-in INTERACTIVE group (which includes every locally logged-on user) from the security properties of the HMI projects folder.
  • Add specific users or user groups and assign their permissions to this folder using the least privileges principle. Users with read-only permission can still test run and run the FactoryTalk View ME Station.
  • Guidance can be found in FactoryTalk View ME v14 Help topic: "HMI projects folder settings". It can be opened through the FactoryTalk View ME Studio menu "help\Contents\FactoryTalk View ME Help\Create a Machine Edition application->Open applications->HMI project folder settings".
  • For more information, see Rockwell Automation's Security Best Practices and its security advisory for this issue.
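The folder hardening above, as an added example written for this page rather than code from the CISA advisory or from Rockwell Automation. It breaks ACL inheritance on the HMI projects folder (inherited entries cannot be removed in place), purges every entry held by the INTERACTIVE group, grants two named groups the least privilege they need, and then verifies the result. The folder path is assumed to be the default install location, and the two group names are placeholders for your own domain or local groups; run it from an elevated PowerShell session on the HMI station.

```powershell
# Added example, not code from the CISA advisory or from Rockwell Automation.
# Hardens the FactoryTalk View ME "HMI projects" folder as the advisory
# describes: stop inheriting the permissive default ACL, drop the built-in
# INTERACTIVE group, grant named groups least privilege, then verify.
# Assumptions: the folder path is the default install location and the two
# group names are placeholders for your own domain or local groups.
[CmdletBinding()]
param(
    [string]$ProjectsFolder = 'C:\Users\Public\Documents\RSView Enterprise\ME\HMI projects',
    [string]$EngineersGroup = 'OTDOMAIN\HMI-Engineers',   # may modify project files
    [string]$OperatorsGroup = 'OTDOMAIN\HMI-Operators'    # read-only: run / test run only
)

# Well-known SID of the built-in INTERACTIVE group.
$interactiveSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-4'

function Get-InteractiveRules {
    # Return every ACE on the folder that resolves to INTERACTIVE, whether
    # explicit or inherited from the parent folder.
    param([string]$Path)
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $interactiveSid
    }
}

if (-not (Test-Path -Path $ProjectsFolder -PathType Container)) {
    throw "HMI projects folder not found: $ProjectsFolder"
}

# Step 1: break inheritance but keep copies of the inherited ACEs, so the
# effective permissions do not change until we edit them deliberately.
$acl = Get-Acl -Path $ProjectsFolder
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $ProjectsFolder -AclObject $acl

# Step 2: remove every ACE held by INTERACTIVE, which on a default install lets
# any locally logged-on user modify project files and the macros inside them.
$acl = Get-Acl -Path $ProjectsFolder
$acl.PurgeAccessRules($interactiveSid)

# Step 3: grant least privilege to named groups. The rules apply to the folder,
# its subfolders and its files (ContainerInherit, ObjectInherit).
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$allow     = [System.Security.AccessControl.AccessControlType]::Allow

$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $EngineersGroup, [System.Security.AccessControl.FileSystemRights]::Modify,
    $inherit, $propagate, $allow)))
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $OperatorsGroup, [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
    $inherit, $propagate, $allow)))
Set-Acl -Path $ProjectsFolder -AclObject $acl

# Step 4: verify. Fail if INTERACTIVE still has any ACE, then list every
# principal that can still write so the remaining entries (for example
# BUILTIN\Users or Authenticated Users) can be reviewed by hand.
if (Get-InteractiveRules -Path $ProjectsFolder) {
    throw "INTERACTIVE still has access to $ProjectsFolder"
}
$writeBits = [System.Security.AccessControl.FileSystemRights]::Write
(Get-Acl -Path $ProjectsFolder).Access |
    Where-Object { ($_.FileSystemRights -band $writeBits) -ne 0 } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```

The final table is the check a practitioner wants after the change: any principal still able to write to the folder is a principal that can still change a macro, so review those entries rather than stopping once INTERACTIVE is gone. After applying it, log on with an account that is only in the read-only group and confirm that it can still test run and run FactoryTalk View ME Station, as the advisory states it should. This is a mitigation for installs that cannot be upgraded; it does not replace the corrected V15.0 release.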

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · FactoryTalk View ME, when using default folder privileges: versions 14.0 and earlier

Affected Sectors

Critical Manufacturing
