Rockwell Automation FactoryTalk View SE (ICSA-20-170-05) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on improper input validation, improper restriction of operations within the bounds of a memory buffer, permissions, privileges, and access controls, and exposure of sensitive information to an unauthorized actor vulnerabilities in Rockwell Automation FactoryTalk Services Platform. All versions of FactoryTalk View SE are affected. Successful exploitation of these vulnerabilities may allow a remote authenticated attacker to manipulate data of affected devices. Rockwell Automation has released new versions of the affected products to mitigate the reported vulnerabilities. Affected users who are not able to apply the latest update are encouraged to seek additional mitigations or workarounds from the vendor’s published guidelines in its security advisory. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.