Lucene search

RockwellVULNRICHMENT:CVE-2024-7960

HistorySep 12, 2024 - 8:15 p.m.

CVE-2024-7960 Rockwell Automation Incorrect Privileges and Path Traversal Vulnerability in Pavilion8®

2024-09-1220:15:09

CWE-269

Rockwell

github.com

rockwell automation

pavilion8®

privilege

path traversal

vulnerability

CVSS4

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:L/SI:N/VA:L/SA:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

32.2%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:rockwellautomation:pavilion8:-:*:*:*:*:*:*:*"
    ],
    "vendor": "rockwellautomation",
    "product": "pavilion8",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "v5.20",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1695.html

CVSS4

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:L/SI:N/VA:L/SA:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

32.2%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-7960