Published Date: March 21, 2024
Last updated: August 5, 2025
Revision Number: 1.0
CVSS Score: v3.1 5.3/10, v.4.0 6.9/10
The security of our products is important to us as your industrial automation supplier. This issue was found internally during routine testing and is being reported based on our commitment to transparency and all business environments.
AFFECTED PRODUCTS AND SOLUTION
Affected Product |
First Known in software version |
Corrected in software version |
FactoryTalk® View ME |
<v14 |
V14 |
SECURITY ISSUE DETAILS
Rockwell Automation used CVSS v3.1 and v4.0 scoring system to assess the following security issues.
CVE-2024-21914 IMPACT
A security issue exists in the affected product. This allows a threat actor to restart the PanelView™ Plus 7 terminal remotely without security protections. This could lead to the loss of view or control of the PanelView™ product.
CVSS 3.1 Base Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS 4.0 Base Score: 6.9
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CWE: Improper security protection for remote restart action
Known Exploited Vulnerability (KEV) database: No
Users can use Stakeholder-Specific Vulnerability Categorization to create more environment-specific categories.
Mitigations and Workarounds
Customers using the affected software that are unable to upgrade to the corrected versions should use security best practices.
ADDITIONAL RESOURCES
Glossary
Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited
