CVE-2024-8533 HIGH

CVE-2024-8533: Rockwell Automation OptixPanel™ Privilege Escalation Vulnerability via File Permissions

Vendor Rockwell Automation

Product 2800C OptixPanel™ Compact

Weakness CWE-269

Published September 12, 2024

Last update September 12, 2024

View on NVD All CVEs

CVSS base score

7.7/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.

Key dates

02Disclosure timeline

September 12, 2024 CVE published

September 12, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-8533 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

Identifiers

CVE CVE-2024-8533

CWE CWE-269

CVSS 7.7 / HIGH

Affected versions

Vendor Rockwell Automation

Product 2800C OptixPanel™ Compact

Affected 4.0.0.325

Vendor Rockwell Automation

Product 2800S OptixPanel™ Standard

Affected 4.0.0.350

Vendor Rockwell Automation

Product Embedded Edge Compute Module

Affected 4.0.0.347

CVE-2024-8533: Rockwell Automation OptixPanel™ Privilege Escalation Vulnerability via File Permissions

01Description

02Disclosure timeline

03References

04Related CVE