CVE-2024-7960

Rockwell Automation Incorrect Privileges and Path Traversal Vulnerability in Pavilion8®

CVSS 8.8 HIGHEPSS 0.5%CWE-269

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

12 Sep 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Affected products

Rockwell Automation · Pavilion8®

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1695.html