Lucene search

RockwellVULNRICHMENT:CVE-2024-8533

HistorySep 12, 2024 - 8:06 p.m.

CVE-2024-8533 Rockwell Automation OptixPanel™ Privilege Escalation Vulnerability via File Permissions

2024-09-1220:06:20

CWE-269

Rockwell

github.com

cve-2024-8533

rockwell automation

privilege escalation

optixpanel™

file permissions

CVSS4

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

20.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:rockwellautomation:2800c_optixpanel_compact:4.0.0.325:*:*:*:*:*:*:*"
    ],
    "vendor": "rockwellautomation",
    "product": "2800c_optixpanel_compact",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0.325"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:o:rockwellautomation:2800s_optixpanel_standard:4.0.0.350:*:*:*:*:*:*:*"
    ],
    "vendor": "rockwellautomation",
    "product": "2800s_optixpanel_standard",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0.350"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:o:rockwellautomation:embedded_edge_compute_module:4.0.0.347:*:*:*:*:*:*:*"
    ],
    "vendor": "rockwellautomation",
    "product": "embedded_edge_compute_module",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0.347"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1964.html