8.8
CVE-2024-8533
- EPSS 0.08%
- Published 12.09.2024 20:15:05
- Last modified 19.09.2024 01:57:23
- Source PSIRT@rockwellautomation.com
- Teams watchlist Login
- Open Login
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.
Data is provided by the National Vulnerability Database (NVD)
Rockwellautomation ≫ 2800c Optixpanel Compact Firmware Version >= 4.0.0.325 < 4.0.2.116
Rockwellautomation ≫ 2800s Optixpanel Standard Firmware Version >= 4.0.0.350 < 4.0.2.123
Rockwellautomation ≫ Embedded Edge Compute Module Firmware Version >= 4.0.0.347 < 4.0.2.106
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.232 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| PSIRT@rockwellautomation.com | 7.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.