cbcvebase.

Rockwellautomation Pavilion8 vulnerabilities

5 known vulnerabilities affecting rockwellautomation/pavilion8.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-7961P2CRITICALCVSS 9.8fixed in 6.02024-09-12
CVE-2024-7961 [CRITICAL] CWE-22 CVE-2024-7961: A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, th A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.
nvd
CVE-2024-6435P3HIGHCVSS 8.8v5.15.00v5.15.01+4 more2024-07-16
CVE-2024-6435 [HIGH] CWE-732 CVE-2024-6435: A privilege escalation vulnerability exists in the affected products which could allow a malicious u A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could pe
nvd
CVE-2024-7960P3CRITICALCVSS 9.1fixed in 6.02024-09-12
CVE-2024-7960 [CRITICAL] CWE-269 CVE-2024-7960: The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.
nvd
CVE-2024-40620P3HIGHCVSS 7.5v5.20.002024-08-14
CVE-2024-40620 [HIGH] CWE-311 CVE-2024-40620: CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of s CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality.
nvd
CVE-2023-29463P4MEDIUMCVSS 5.4fixed in 5.202023-09-12
CVE-2023-29463 [MEDIUM] CWE-287 CVE-2023-29463: The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does n The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session.
nvd
Rockwellautomation Pavilion8 vulnerabilities | cvebase