Rockwell Automation Product Security Update Advisory (CVE-2024-45823, CVE-2024-45824)

Overview

An update has been released to address vulnerabilities in Rockwell Automation products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-45823

  • FactoryTalk® Batch View™ version: 2.01.00

CVE-2024-45824

  • FactoryTalk® View Site Edition versions: 12.0, 13.0, 14.0

Resolved Vulnerabilities

Authentication Bypass Vulnerability via Shared Secret in FactoryTalk® Batch View™ (CVE-2024-45823)

Remote code execution vulnerability due to lack of input validation in FactoryTalk® View Site Edition (CVE-2024-45824)

Vulnerability Patches

The following product-specific vulnerability patches have been made available in the latest update. If you are using an affected version, please follow the instructions on the referenced sites to update to the latest patched version.

CVE-2024-45823

  • FactoryTalk® Batch View™ version: 3.00.00

CVE-2024-45824

  • See reference [3] for updates

References

[1] SD1698 | FactoryTalk® Batch View™ Authentication Bypass Vulnerability via shared secrets

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201698.html

[2] SD1696 | FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html

[3] Patch: Check input parameter for Server side script file name, FactoryTalk View SE 12.0, 13.0, 14.0

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1151301