CVE-2024-40620
Published 2024-08-14
Priority P3 · 40 · high · 7.5 · CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:N · A:N
EPSS 0.19% (8.4th percentile)
CVE-2024-40620 IMPACT
A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | pavilion8 | — | — |
| rockwellautomation | pavilion8 | — | — |
CVSS provenance
- nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- nvd · v4.0 · 5.3 · MEDIUM · CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA ICS
Rockwell Automation Pavilion8
cisa_ics·2024-08-13·CVSS 5.3
[MEDIUM] Rockwell Automation Pavilion8
ICS Advisory
## Rockwell Automation Pavilion8
Release Date: August 13, 2024
Alert Code: ICSA-24-226-04
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 5.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: Pavilion8
- Vulnerability: Missing Encryption of Sensitive Data
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to view sensitive data due to a lack of encryption.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Rockwell Automation Pavilion8, a model predictive control software, are affected:
- Pavilion8: Versions v5.20 and later
## 3.2 Vulnerability Overv
GHSA
GHSA-qw7m-5v7h-8vqf: CVE-2024-40620 IMPACT
A vulnerability exists in the affected product due to lack of encryption of sensitive information
ghsa_unreviewed·2024-08-14·CVSS 5.3
CVE-2024-40620 [MEDIUM] CWE-311
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-08-14