8.8
CWE: 269, 276
EPSS: 0.050%

CVE-2024-8533: Rockwell Automation OptixPanel™ Privilege Escalation Vulnerability via File Permissions

First published: Thu Sep 12 2024

A privilege escalation vulnerability exists in the affected Rockwell Automation products. The vulnerability occurs due to improper default file permissions, which allow users to exfiltrate credentials and escalate privileges.

Credit: PSIRT@rockwellautomation.com

Affected Software (Affected Version)

All of:
* Rockwellautomation 2800c Optixpanel Compact Firmware (>=4.0.0.325, <4.0.2.116)
* Rockwellautomation 2800c Optixpanel Compact

All of:
* Rockwellautomation 2800s Optixpanel Standard Firmware (>=4.0.0.350, <4.0.2.123)
* Rockwellautomation 2800s Optixpanel Standard

All of:
* Rockwellautomation Embedded Edge Compute Module Firmware (>=4.0.0.347, <4.0.2.106)
* Rockwellautomation Embedded Edge Compute Module

Remedy

| Affected Product | First Known in Software Version | Corrected in Software Version |
|---|---|---|
| 2800C OptixPanel™ Compact | 4.0.0.325 | 4.0.2.116 |
| 2800S OptixPanel™ Standard | 4.0.0.350 | 4.0.2.123 |
| Embedded Edge Compute Module | 4.0.0.347 | 4.0.2.106 |

Mitigations and Workarounds

Customers using the affected software are encouraged to apply security best practices.

* For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight to minimize the risk of the vulnerability.
