CVE-2024-37365: 
Rockwell Automation FactoryTalk View Machine Edition vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2024-37365) was discovered in FactoryTalk View ME versions 14 and above. The vulnerability was identified internally during routine testing and disclosed on November 12, 2024. The issue affects the project save functionality within the software, specifically when using default folder privileges (Rockwell Advisory, NVD).

The vulnerability stems from improper input validation (CWE-20) in the project save functionality. It received a CVSS v3.1 base score of 7.3 (High) and a CVSS v4.0 score of 7.0 (High). The CVSS v3.1 vector string is AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, indicating that the vulnerability requires local access and user interaction to exploit (Rockwell Advisory).

The vulnerability allows users to save projects within the public directory, enabling anyone with local access to modify or delete files. Furthermore, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code (NVD, Rockwell Advisory).

The vulnerability has been fixed in FactoryTalk View ME version 15. For users unable to upgrade, Rockwell Automation recommends hardening the Windows OS by removing the INTERACTIVE group from the folder's security properties and adding specific users or user groups with least privilege permissions. Users with read-only permission can still test run and run the FactoryTalk View ME Station. Detailed guidance can be found in FactoryTalk View ME v14 Help topic: 'HMI projects folder settings' (Rockwell Advisory).