Device Takeover Vulnerability in Rockwell Automation Power Monitor 1000

CVE-2024-12371

What is CVE-2024-12371?

A serious device takeover vulnerability in the Rockwell Automation Power Monitor 1000 enables unauthorized configuration of a new Policyholder user through an API without authentication. The Policyholder role possesses the highest level of privileges, granting the ability to create admin users, edit settings, and even perform factory resets. This flaw poses a significant risk to system integrity and requires immediate attention to secure affected installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References