CVE-2024-9412 HIGH

CVE-2024-9412: Improper Authorization Vulnerability in Rockwell Automation Verve® Asset Manager

Vendor Rockwell Automation
Product Verve® Asset Manager
Weakness CWE-842
Published October 8, 2024
Last update October 8, 2024

CVSS base score

8.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.

Key dates

02Disclosure timeline

October 8, 2024 CVE published
October 8, 2024 Record updated