cvelist | Rockwell | CVELIST:CVE-2023-29463
History | Sep 12, 2023 - 4:42 p.m.

CVE-2023-29463 Pavilion8 Security Misconfiguration Vulnerability

2023-09-12 16:42:14
CWE-287
Rockwell
www.cve.org
rockwell automation
pavilion8
jmx console
security misconfiguration
vulnerability
authentication
session data

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.8 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 14.2%)

The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and/or log users out of their session.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Pavilion8",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "<5.20"
      }
    ]
  }
]
