CVE-2024-6435
published 2024-07-16

Priority: P352, high, 8.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.49% (38.3th percentile)

A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section.

Affected

12 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | pavilion8 | | |
| rockwell_automation | pavilion8 | | |
| rockwell_automation | pavilion8 | | |
| rockwell_automation | pavilion8 | | |
| rockwell_automation | pavilion8 | | |
| rockwell_automation | pavilion8 | | |
| rockwellautomation | pavilion8 | | |
| rockwellautomation | pavilion8 | | |
| rockwellautomation | pavilion8 | | |
| rockwellautomation | pavilion8 | | |
| rockwellautomation | pavilion8 | | |
| rockwellautomation | pavilion8 | | |

CVSS provenance

nvd, v3.1: 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd, v4.0: 8.7 HIGH, CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X