CVE-2023-29463 HIGH

CVE-2023-29463: Pavilion8 Security Misconfiguration Vulnerability

Vendor Rockwell Automation
Product Pavilion8
Weakness CWE-287 · Improper authentication
Published September 12, 2023
Last update February 27, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and/or log users out of their session.

Key dates

02 Disclosure timeline

September 12, 2023 CVE published
February 27, 2025 Record updated