Rockwell FactoryTalk View SE (ICSA-20-177-03) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on cleartext storage of sensitive information and weak encoding for password vulnerabilities in Rockwell Automation FactoryTalk View SE. Versions 9.0 and earlier and 10.0 are affected. Successful exploitation of these vulnerabilities could lead to unauthorized access to server data. Users of the affected versions of DeskLock provided with FactoryTalk View SE are encouraged to update to an available software version that addresses the associated risk, v10.0 or later. Users who are unable to update are directed towards risk mitigation strategies provided below, and are encouraged, when possible, to combine these with the general security guidelines to employ multiple strategies simultaneously. CISA also recommends a series of measures to mitigate the vulnerabilities. Access the advisory at CISA.