6 matches found
Vulnerabilities fixed in Rockwell Automation Power Monitor 1000
Rockwell Automation has fixed vulnerabilities in the Power Monitor 1000. The vulnerabilities are in the API of the Power Monitor 1000, which allows unauthorized users to configure new Policyholder users with high privileges. This allows attackers to edit existing users, create new administrators...
Rockwell Automation PowerMonitor 1000 Unprotected Alternate Channel (CVE-2024-12371)
A device takeover vulnerability exists in the affected product. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset...
Rockwell Automation Power Monitor 1000 安全漏洞
Rockwell Automation Power Monitor 1000 is a power monitor from Rockwell Automation. A security vulnerability exists in Rockwell Automation Power Monitor 1000 versions prior to 4.020, which can be exploited by an attacker to configure a new policyholder user without any authentication through the...
PT-2024-9677
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Power Monitor 1000 affected versions not specified Description: A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows the configuration of a new Policyholder user...
createAction() ,castApproval(), castDisapproval() functions vulnerable replay attacks
Lines of code Vulnerability details Impact /// @notice Mapping of policyholders to function selectors to current nonces for EIP-712 signatures. /// @dev This is used to prevent replay attacks by incrementing the nonce for each operation createAction, /// castApproval and castDisapproval signed by...
Software provider denied insurance payout after ransomware attack
The Supreme Court of Ohio issued a ruling days before the New Year that a software and service provider shouldn't be covered by insurance against a ransomware attack as it didn't cause direct or physical harm to tangible components of software, as it doesnt have any. "When insurance policy covers...