Published Date: 9/12/24
Revision Number: 1.0
CVSS Score: 3.1: 7.6, 7.2 4.0: 8.8, 7.6
The security of our products is important to us as your chosen industrial automation supplier. This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improve their business or production environments.
AFFECTED PRODUCTS AND SOLUTION
Affected Product
|
Affected Software Version
|
Corrected in Software Version
|
Pavilion8®
|
<V5.20
|
V6.0 and later
|
VULNERABILITY DETAILS
Rockwell Automation used the latest versions of the CVSS scoring system to assess the vulnerabilities.
CVE-2024-7960 IMPACT
The affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.
CVSS 3.1 Base Score: 7.6
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
CVSS 4.0 Base Score: 8.8
CVSS 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
CWE: Improper Privilege Management
Known Exploited Vulnerability (KEV) database: No
CVE-2024-7961 IMPACT
A path traversal vulnerability exists in the affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.
CVSS 3.1 Base Score: 7.2
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0 Base Score: 8.6
CVSS 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Known Exploited Vulnerability (KEV) database: No
Mitigations and Workarounds
Customers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
ADDITIONAL RESOURCES