CVE-2024-7960
- EPSS 0.34%
- Veröffentlicht 12.09.2024 21:15:03
- Zuletzt bearbeitet 19.09.2024 01:52:55
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to f...
CVE-2024-7961
- EPSS 1.72%
- Veröffentlicht 12.09.2024 21:15:03
- Zuletzt bearbeitet 19.09.2024 01:52:24
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.
CVE-2024-40620
- EPSS 0.06%
- Veröffentlicht 14.08.2024 20:15:12
- Zuletzt bearbeitet 31.01.2025 15:03:56
CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the ...
CVE-2024-6435
- EPSS 0.04%
- Veröffentlicht 16.07.2024 13:15:13
- Zuletzt bearbeitet 31.01.2025 15:01:23
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker ...
CVE-2023-29463
- EPSS 0.03%
- Veröffentlicht 12.09.2023 17:15:09
- Zuletzt bearbeitet 21.11.2024 07:57:06
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of the...