CVE-2024-7960 HIGH

CVE-2024-7960: Rockwell Automation Incorrect Privileges and Path Traversal Vulnerability in Pavilion8®

Vendor: Rockwell Automation
Product: Pavilion8®
Weakness: CWE-269
Published: September 12, 2024
Last update: September 12, 2024

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

The affected Rockwell Automation product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists because an incorrect privilege matrix gives users access to functions they should not have.

Key dates

02 Disclosure timeline

September 12, 2024: CVE published
September 12, 2024: Record updated
