8.8
CVE-2024-8533
- EPSS 0.08%
- Veröffentlicht 12.09.2024 20:15:05
- Zuletzt bearbeitet 19.09.2024 01:57:23
- Quelle PSIRT@rockwellautomation.com
- Teams Watchlist Login
- Unerledigt Login
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rockwellautomation ≫ 2800c Optixpanel Compact Firmware Version >= 4.0.0.325 < 4.0.2.116
Rockwellautomation ≫ 2800s Optixpanel Standard Firmware Version >= 4.0.0.350 < 4.0.2.123
Rockwellautomation ≫ Embedded Edge Compute Module Firmware Version >= 4.0.0.347 < 4.0.2.106
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.232 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| PSIRT@rockwellautomation.com | 7.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.