CVE-2024-7960: Rockwell Automation Incorrect Privileges and Path Traversal Vulnerability in Pavilion8®
First published: Thu Sep 12 2024(Updated: )
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Pavilion8 | <6.0 |
Remedy
Affected Product Affected Software Version Corrected in Software Version Pavilion8® <V5.20 V6.0 and later Mitigations and Workarounds Customers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/remedy
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/softwarecombine
- vendor/rockwellautomation
- canonical/rockwellautomation pavilion8