CVE-2024-7960
published 2024-09-12

Priority P349 | critical | 9.1 | CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 0.45% (36.0th percentile)
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
rockwell_automation | pavilion8 | |
rockwellautomation | pavilion8 | < 6.0 | 6.0

CVSS provenance

nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd | v4.0 | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X