Rockwell Automation Privilege Escalation Vulnerability in Pavilion8®
CVE-2024-6435

8.8HIGH

Key Information:

Vendor: Rockwell Automation
Status: Pavilion8®
Vendor: CVE Published:; 16 July 2024

Summary

A privilege escalation vulnerability in Rockwell Automation products allows users with basic access rights to inadvertently gain access to functionalities typically restricted to administrators. This means that attackers can potentially read sensitive data or create new user accounts with escalated privileges. Such unauthorized access could lead to significant security breaches and unauthorized manipulation of critical system settings.

Affected Version(s)

Pavilion8® 5.15.00

Pavilion8® 5.15.01

Pavilion8® 5.16.00

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2024