Rockwell Automation Pavilion8 License Issue Vulnerability (CNVD-2024-40835)

Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation. Rockwell Automation Pavilion8 suffers from an authorization issue vulnerability that stems from an incorrect privilege matrix, which can be exploited by an attacker to access unauthorized functionality...

Rockwell Automation Pavilion8 Path Traversal Vulnerability

Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation. Rockwell Automation Pavilion8 suffers from a path traversal vulnerability that stems from the program failing to properly filter for special elements in the path of a resource or file, which could be exploited b...

CVE-2024-7961 Rockwell Automation Path Traversal Vulnerability in Pavilion8®

A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution...

CVE-2024-7961 Rockwell Automation Path Traversal Vulnerability in Pavilion8®

A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution...

CVE-2024-7960 Rockwell Automation Incorrect Privileges and Path Traversal Vulnerability in Pavilion8®

The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not...

CVE-2024-7960 Rockwell Automation Incorrect Privileges and Path Traversal Vulnerability in Pavilion8®

The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not...

Rockwell Automation Pavilion8

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Pavilion8 Vulnerabilities : Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

Rockwell Automation Pavilion8 安全漏洞

Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation. Rockwell Automation Pavilion8 suffers from an authorization issue vulnerability that stems from an incorrect privilege matrix, which can be exploited by an attacker to access unauthorized functionality...

PT-2024-6522 · Rockwell Automation · Rockwell Automation Pavilion8

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Pavilion8 affected versions not specified Description: The issue is related to insecure privilege management, allowing a threat actor to view sensitive information and change settings due to an incorrect privilege matrix...

PT-2024-6521 · Rockwell Automation · Rockwell Automation Pavilion8

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Pavilion8 affected versions not specified Description: A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could...

Unspecified Vulnerability in Rockwell Automation Pavilion8

Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation. A security vulnerability in Rockwell Automation Pavilion8 version 5.20, which stems from a lack of encryption of sensitive information, can be exploited by an attacker to cause data sent between the console and...

CVE-2024-40620 Rockwell Automation Pavilion8® Unencrypted Data Vulnerability via HTTP protocol

CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the...

CVE-2024-40620 Rockwell Automation Pavilion8® Unencrypted Data Vulnerability via HTTP protocol

CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the...

PT-2024-28947 · Rockwell Automation · Pavilion8

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Pavilion8 version 5.20 Description: A vulnerability exists in the affected product due to a lack of encryption of sensitive information. This results in data being sent between the Console and the Dashboard without...

Rockwell Automation Pavilion8

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Pavilion8 Vulnerability : Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

CVE-2024-6435 Rockwell Automation Privilege Escalation Vulnerability in Pavilion8®

A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. Fo...

CVE-2024-6435 Rockwell Automation Privilege Escalation Vulnerability in Pavilion8®

A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. Fo...

Rockwell Automation Pavilion8 安全漏洞

Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation. An elevation of privilege vulnerability exists in Rockwell Automation Pavilion 8, which can be exploited by an attacker to read sensitive data and create users...

Rockwell Automation Pavilion8 License Issue Vulnerability

Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation. Rockwell Automation Pavilion8 suffers from an authorization issue vulnerability that stems from the fact that the JMX Console is publicly available to users and does not require authentication. An attacker could...

Rockwell Automation Pavilion8

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Pavilion8 Vulnerability : Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve other...