A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.
Fixes

Solution

Affected Product: Pavilion8®
Affected Software Version: <V5.20
Corrected in Software Version: V6.0 and later

Mitigations and Workarounds

Customers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.

* Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight


Workaround

No workaround given by the vendor.

History

Thu, 19 Sep 2024 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:rockwellautomation:pavilion8:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Thu, 12 Sep 2024 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation pavilion8
CPEs cpe:2.3:a:rockwellautomation:pavilion8:-:*:*:*:*:*:*:*
Vendors & Products Rockwellautomation
Rockwellautomation pavilion8
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Sep 2024 20:45:00 +0000

Type Values Removed Values Added
Description A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.
Title Rockwell Automation Path Traversal Vulnerability in Pavilion8®
Weaknesses CWE-22
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Rockwell

Published:

Updated: 2024-09-12T20:48:32.542Z

Reserved: 2024-08-19T18:57:07.294Z

Link: CVE-2024-7961

Vulnrichment

Updated: 2024-09-12T20:48:26.801Z

NVD

Status: Analyzed

Published: 2024-09-12T21:15:03.357

Modified: 2024-09-19T01:52:24.530

Link: CVE-2024-7961

Redhat

No data.

OpenCVE Enrichment

No data.