High · Published 2024-07-09 · 6h ago

ICSA-24-191-04 · CVE-2024-37369

FactoryTalk View ME remote code execution

A path traversal flaw in the ME runtime XML loader allows authenticated operators to escape the project sandbox and execute code as SYSTEM.

Mitigations

  1. Apply ME patch v14 SR2
  2. Block RDP from Level 2.5 to Level 3 networks
  3. Disable XML trace logging in production