CVE-2023-29463 - OpenCVE

The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rockwellautomation	Pavilion8

Configuration 1 [-]

cpe:2.3:a:rockwellautomation:pavilion8:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590

History

No history.

MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2023-09-12T16:42:14.868Z

Updated: 2024-08-02T14:07:46.424Z

Reserved: 2023-04-06T18:42:59.008Z

Link: CVE-2023-29463

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-12T17:15:09.147

Modified: 2023-09-15T19:14:44.543

Link: CVE-2023-29463

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-29463", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2023-04-06T18:42:59.008Z", "datePublished": "2023-09-12T16:42:14.868Z", "dateUpdated": "2024-08-02T14:07:46.424Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Pavilion8", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "<5.20"}]}], "datePublic": "2023-09-12T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.</span>\n\n"}], "value": "\nThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\n\n"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2023-09-12T16:42:14.868Z"}, "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<div>Risk Mitigation & User Action</div><div>Customers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.<ul><li>Update to v5.20</li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012\">QA43240 - Recommended Security Guidelines from Rockwell Automation</a></li></ul><br><strong>If customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17.</strong><ol><li>Open the <code>web.xml</code> file in your Pavilion8\u00ae installation folder set during installation and go to <em>Console\\container\\webapps\\ROOT\\WEB-INF</em>, by default this would be under <code>C:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF</code>.</li><li>Search for the text <code>jmx-console-action-handler</code> and delete the below lines from <code>web.xml</code> file:<br><br><code>  <servlet><br>    <servlet-name>jmx-console-action-handler</servlet-name><br>    <servlet-class>com.pav.jboss.jmx.HtmlAdaptorServlet</servlet-class><br>  </servlet><br>  <servlet-mapping><br>    <servlet-name>jmx-console-action-handler</servlet-name><br>    <url-pattern>/jmx-console/HtmlAdaptor</url-pattern><br>  </servlet-mapping></code><br> </li><li>Save the changes and close the file.</li><li>Restart <strong>Pavilion8\u00ae Console Service</strong>.</li><li>Logout and log back into the console and navigate to the URL <code>http:// <FQDN>/jmx-console</code> to confirm you are getting the error message <code>HTTP Status 404 \u2013 Not Found</code>.</li></ol><blockquote><p><u>Note</u>: <code><FQDN></code> is your fully qualified domain name used for the Console login.</p></blockquote></div>\n\n<br>"}], "value": "\nRisk Mitigation & User Action\n\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability. * Update to v5.20\n * QA43240 - Recommended Security Guidelines from Rockwell Automation https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012 \n\n\n\nIf customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17. * Open the web.xml\u00a0file in your Pavilion8\u00ae installation folder set during installation and go to Console\\container\\webapps\\ROOT\\WEB-INF, by default this would be under C:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF.\n * Search for the text jmx-console-action-handler\u00a0and delete the below lines from web.xml\u00a0file:\n\n\u00a0 <servlet>\n\u00a0 \u00a0 <servlet-name>jmx-console-action-handler</servlet-name>\n\u00a0 \u00a0 <servlet-class>com.pav.jboss.jmx.HtmlAdaptorServlet</servlet-class>\n\u00a0 </servlet>\n\u00a0 <servlet-mapping>\n\u00a0 \u00a0 <servlet-name>jmx-console-action-handler</servlet-name>\n\u00a0 \u00a0 <url-pattern>/jmx-console/HtmlAdaptor</url-pattern>\n\u00a0 </servlet-mapping>\n\u00a0\n * Save the changes and close the file.\n * Restart Pavilion8\u00ae Console Service.\n * Logout and log back into the console and navigate to the URL http:// <FQDN>/jmx-console\u00a0to confirm you are getting the error message HTTP Status 404 \u2013 Not Found.\nNote: <FQDN>\u00a0is your fully qualified domain name used for the Console login.\n\n\n\n\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Pavilion8 Security Misconfiguration Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:07:46.424Z"}, "title": "CVE Program Container", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:pavilion8:*:*:*:*:*:*:*:*", "matchCriteriaId": "269FEE95-7517-453F-98E7-1D3B19ADF191", "versionEndExcluding": "5.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\n\n"}, {"lang": "es", "value": "La consola JMX dentro de Rockwell Automation Pavilion8 est\u00e1 expuesta a los usuarios de la aplicaci\u00f3n y no requiere autenticaci\u00f3n. Si se explota, un usuario malintencionado podr\u00eda potencialmente recuperar los datos de sesi\u00f3n de otros usuarios de la aplicaci\u00f3n o cerrar la sesi\u00f3n de los usuarios."}], "id": "CVE-2023-29463", "lastModified": "2023-09-15T19:14:44.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2023-09-12T17:15:09.147", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Permissions Required"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}