CVE-2024-37369 – Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions
https://notcve.org/view.php?id=CVE-2024-37369
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists and potentially gaining further access within the system.
• https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1674.html
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2024-4609 – Rockwell Automation Datalog Function within FactoryTalk® View SE contains SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-4609
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.
• https://www.rockwellautomation.com/en-us/support/advisory.SD1670.html
• CWE-20: Improper Input Validation