CVE-2024-6078 HIGH

CVE-2024-6078: Rockwell Automation Authentication Bypass Vulnerability in DataMosaix™

Vendor Rockwell Automation
Product DataMosaix™
Weakness CWE-287 · Improper authentication
Published August 14, 2024
Last update August 19, 2024

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or password. If exploited, a malicious user could take over the account of a legitimate user. The malicious user would be able to view and modify data stored in the cloud.

Key dates

02 Disclosure timeline

August 14, 2024 CVE published
August 19, 2024 Record updated