Device Takeover Vulnerability in Rockwell Automation Power Monitor 1000
CVE-2024-12371

Currently unrated

Key Information:

CVE Published: 18 December 2024

Summary

A serious device takeover vulnerability in the Rockwell Automation Power Monitor 1000 allows a new Policyholder user to be configured through an API without authentication. The Policyholder role has the highest level of privileges and can create admin users, edit settings, and even perform factory resets. The flaw poses a significant risk to system integrity, and affected installations require immediate attention.

Timeline

  • Vulnerability published