An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.
Metrics
Affected Vendors & Products
References
History
Tue, 08 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Rockwellautomation
Rockwellautomation verve Asset Manager |
|
CPEs | cpe:2.3:a:rockwellautomation:verve_asset_manager:*:*:*:*:*:*:*:* | |
Vendors & Products |
Rockwellautomation
Rockwellautomation verve Asset Manager |
|
Metrics |
ssvc
|
Tue, 08 Oct 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to. | |
Title | Improper Authorization Vulnerability in Rockwell Automation VerveĀ® Asset Manager | |
Weaknesses | CWE-842 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: Rockwell
Published: 2024-10-08T19:24:41.136Z
Updated: 2024-10-08T20:01:06.815Z
Reserved: 2024-10-01T15:56:42.546Z
Link: CVE-2024-9412
Vulnrichment
Updated: 2024-10-08T19:56:50.931Z
NVD
Status : Awaiting Analysis
Published: 2024-10-08T20:15:05.543
Modified: 2024-10-10T12:51:56.987
Link: CVE-2024-9412
Redhat
No data.