Search criteria
6 vulnerabilities found for Pavilion8 by Rockwell Automation
VAR-202408-1532
Vulnerability from variot - Updated: 2025-02-05 23:23CVE-2024-40620 IMPACT
A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality. Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation of the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202408-1532",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pavilion8",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "5.20.00"
},
{
"model": "pavilion8",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "5.20.00"
},
{
"model": "pavilion8",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "pavilion8",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation pavilion8",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "5.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-36822"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017873"
},
{
"db": "NVD",
"id": "CVE-2024-40620"
}
]
},
"cve": "CVE-2024-40620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2024-36822",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-40620",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-40620",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-40620",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-40620",
"trust": 1.0,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2024-40620",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-36822",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-36822"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017873"
},
{
"db": "NVD",
"id": "CVE-2024-40620"
},
{
"db": "NVD",
"id": "CVE-2024-40620"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CVE-2024-40620 IMPACT\n\nA vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data\u0027s confidentiality. Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation of the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-40620"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017873"
},
{
"db": "CNVD",
"id": "CNVD-2024-36822"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-40620",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU90425347",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-226-04",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017873",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-36822",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-36822"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017873"
},
{
"db": "NVD",
"id": "CVE-2024-40620"
}
]
},
"id": "VAR-202408-1532",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-36822"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-36822"
}
]
},
"last_update_date": "2025-02-05T23:23:58.391000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation Pavilion8 has an unspecified vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/585351"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-36822"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.0
},
{
"problemtype": "Lack of encryption of critical data (CWE-311) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Lack of encryption of critical data (CWE-311) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-017873"
},
{
"db": "NVD",
"id": "CVE-2024-40620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd%201691.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90425347/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-40620"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-04"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2024-40620/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-36822"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017873"
},
{
"db": "NVD",
"id": "CVE-2024-40620"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-36822"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017873"
},
{
"db": "NVD",
"id": "CVE-2024-40620"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-08-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-36822"
},
{
"date": "2025-02-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-017873"
},
{
"date": "2024-08-14T20:15:12.410000",
"db": "NVD",
"id": "CVE-2024-40620"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-08-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-36822"
},
{
"date": "2025-02-04T02:52:00",
"db": "JVNDB",
"id": "JVNDB-2024-017873"
},
{
"date": "2025-01-31T15:03:56.407000",
"db": "NVD",
"id": "CVE-2024-40620"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0Pavilion8\u00a0 Vulnerability regarding lack of encryption of critical data in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-017873"
}
],
"trust": 0.8
}
}
VAR-202409-0797
Vulnerability from variot - Updated: 2024-10-18 03:53A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution. (DoS) It may be in a state. Rockwell Automation Pavilion8 is a model prediction console of Rockwell Automation in the United States. The vulnerability is caused by the program failing to properly filter special elements in resource or file paths
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-0797",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pavilion8",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.0"
},
{
"model": "pavilion8",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "pavilion8",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "pavilion8",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "6.0"
},
{
"model": "automation rockwell automation pavilion8",
"scope": "lt",
"trust": 0.6,
"vendor": "rockwell",
"version": "v5.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40834"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008489"
},
{
"db": "NVD",
"id": "CVE-2024-7961"
}
]
},
"cve": "CVE-2024-7961",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2024-40834",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-7961",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-7961",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-7961",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-7961",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-7961",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2024-40834",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40834"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008489"
},
{
"db": "NVD",
"id": "CVE-2024-7961"
},
{
"db": "NVD",
"id": "CVE-2024-7961"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution. (DoS) It may be in a state. Rockwell Automation Pavilion8 is a model prediction console of Rockwell Automation in the United States. The vulnerability is caused by the program failing to properly filter special elements in resource or file paths",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-7961"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008489"
},
{
"db": "CNVD",
"id": "CNVD-2024-40834"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-7961",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008489",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-40834",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40834"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008489"
},
{
"db": "NVD",
"id": "CVE-2024-7961"
}
]
},
"id": "VAR-202409-0797",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40834"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40834"
}
]
},
"last_update_date": "2024-10-18T03:53:56.762000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation Pavilion8 Path Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/599681"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40834"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Path traversal (CWE-22) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008489"
},
{
"db": "NVD",
"id": "CVE-2024-7961"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1695.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-7961"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40834"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008489"
},
{
"db": "NVD",
"id": "CVE-2024-7961"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-40834"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008489"
},
{
"db": "NVD",
"id": "CVE-2024-7961"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40834"
},
{
"date": "2024-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008489"
},
{
"date": "2024-09-12T21:15:03.357000",
"db": "NVD",
"id": "CVE-2024-7961"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40834"
},
{
"date": "2024-09-19T23:51:00",
"db": "JVNDB",
"id": "JVNDB-2024-008489"
},
{
"date": "2024-09-19T01:52:24.530000",
"db": "NVD",
"id": "CVE-2024-7961"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0Pavilion8\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008489"
}
],
"trust": 0.8
}
}
VAR-202409-0743
Vulnerability from variot - Updated: 2024-10-18 03:46The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not. Rockwell Automation of Pavilion8 Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with. Rockwell Automation Pavilion8 is a model prediction console of Rockwell Automation, an American company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-0743",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pavilion8",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.0"
},
{
"model": "pavilion8",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "pavilion8",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "pavilion8",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "6.0"
},
{
"model": "automation rockwell automation pavilion8",
"scope": "lt",
"trust": 0.6,
"vendor": "rockwell",
"version": "v5.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40835"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008408"
},
{
"db": "NVD",
"id": "CVE-2024-7960"
}
]
},
"cve": "CVE-2024-7960",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 8.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2024-40835",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-7960",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-7960",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-7960",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-7960",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-7960",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2024-40835",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40835"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008408"
},
{
"db": "NVD",
"id": "CVE-2024-7960"
},
{
"db": "NVD",
"id": "CVE-2024-7960"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not. Rockwell Automation of Pavilion8 Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with. Rockwell Automation Pavilion8 is a model prediction console of Rockwell Automation, an American company",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-7960"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008408"
},
{
"db": "CNVD",
"id": "CNVD-2024-40835"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-7960",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU94816770",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-256-24",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008408",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-40835",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40835"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008408"
},
{
"db": "NVD",
"id": "CVE-2024-7960"
}
]
},
"id": "VAR-202409-0743",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40835"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40835"
}
]
},
"last_update_date": "2024-10-18T03:46:38.759000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation Pavilion8 Authorization Issue Vulnerability (CNVD-2024-40835)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/599676"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40835"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-269",
"trust": 1.0
},
{
"problemtype": "Improper authority management (CWE-269) [ others ]",
"trust": 0.8
},
{
"problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008408"
},
{
"db": "NVD",
"id": "CVE-2024-7960"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1695.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94816770/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-7960"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-24"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-40835"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008408"
},
{
"db": "NVD",
"id": "CVE-2024-7960"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-40835"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008408"
},
{
"db": "NVD",
"id": "CVE-2024-7960"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40835"
},
{
"date": "2024-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008408"
},
{
"date": "2024-09-12T21:15:03.153000",
"db": "NVD",
"id": "CVE-2024-7960"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-40835"
},
{
"date": "2024-09-19T06:57:00",
"db": "JVNDB",
"id": "JVNDB-2024-008408"
},
{
"date": "2024-09-19T01:52:55.193000",
"db": "NVD",
"id": "CVE-2024-7960"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0Pavilion8\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008408"
}
],
"trust": 0.8
}
}
VAR-202309-0807
Vulnerability from variot - Updated: 2024-08-14 15:15The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session. * Inappropriate authentication (CWE-287) - CVE-2023-29463If the vulnerability is exploited, it may be affected as follows
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202309-0807",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pavilion8",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "5.20"
},
{
"model": "pavilion8",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "pavilion8",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "v5.17.00 v5.17.01"
},
{
"model": "automation pavilion8",
"scope": "lt",
"trust": 0.6,
"vendor": "rockwell",
"version": "5.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-79689"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003711"
},
{
"db": "NVD",
"id": "CVE-2023-29463"
}
]
},
"cve": "CVE-2023-29463",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-79689",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2023-29463",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-29463",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-29463",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-29463",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2023-29463",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-29463",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2023-79689",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-79689"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003711"
},
{
"db": "NVD",
"id": "CVE-2023-29463"
},
{
"db": "NVD",
"id": "CVE-2023-29463"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session. * Inappropriate authentication (CWE-287) - CVE-2023-29463If the vulnerability is exploited, it may be affected as follows",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-29463"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003711"
},
{
"db": "CNVD",
"id": "CNVD-2023-79689"
},
{
"db": "VULMON",
"id": "CVE-2023-29463"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-29463",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU92147395",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-257-07",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003711",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-79689",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-29463",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-79689"
},
{
"db": "VULMON",
"id": "CVE-2023-29463"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003711"
},
{
"db": "NVD",
"id": "CVE-2023-29463"
}
]
},
"id": "VAR-202309-0807",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-79689"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-79689"
}
]
},
"last_update_date": "2024-08-14T15:15:47.987000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Pavilion8\u00a0Security\u00a0Misconfiguration\u00a0Vulnerability (Login required)",
"trust": 0.8,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"
},
{
"title": "Patch for Rockwell Automation Pavilion8 authorization issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/466231"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-79689"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003711"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003711"
},
{
"db": "NVD",
"id": "CVE-2023-29463"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-29463"
},
{
"trust": 1.1,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92147395/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-07"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-79689"
},
{
"db": "VULMON",
"id": "CVE-2023-29463"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003711"
},
{
"db": "NVD",
"id": "CVE-2023-29463"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-79689"
},
{
"db": "VULMON",
"id": "CVE-2023-29463"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003711"
},
{
"db": "NVD",
"id": "CVE-2023-29463"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-79689"
},
{
"date": "2023-09-12T00:00:00",
"db": "VULMON",
"id": "CVE-2023-29463"
},
{
"date": "2023-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-003711"
},
{
"date": "2023-09-12T17:15:09.147000",
"db": "NVD",
"id": "CVE-2023-29463"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-79689"
},
{
"date": "2023-09-12T00:00:00",
"db": "VULMON",
"id": "CVE-2023-29463"
},
{
"date": "2024-05-15T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2023-003711"
},
{
"date": "2023-09-15T19:14:44.543000",
"db": "NVD",
"id": "CVE-2023-29463"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 Made \u00a0Pavilion8\u00a0 Improper authentication vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003711"
}
],
"trust": 0.8
}
}
CVE-2023-29463 (GCVE-0-2023-29463)
Vulnerability from nvd – Published: 2023-09-12 16:42 – Updated: 2025-02-27 20:54
VLAI?
Title
Pavilion8 Security Misconfiguration Vulnerability
Summary
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session.
Severity ?
8.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | Pavilion8 |
Affected:
<5.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:51:43.237837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:54:59.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pavilion8",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c5.20"
}
]
}
],
"datePublic": "2023-09-12T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\u003c/span\u003e\n\n"
}
],
"value": "\nThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-12T16:42:14.868Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003eRisk Mitigation \u0026amp; User Action\u003c/div\u003e\u003cdiv\u003eCustomers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.\u003cul\u003e\u003cli\u003eUpdate to v5.20\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012\"\u003eQA43240 - Recommended Security Guidelines from Rockwell Automation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cstrong\u003eIf customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17.\u003c/strong\u003e\u003col\u003e\u003cli\u003eOpen the \u003ccode\u003eweb.xml\u003c/code\u003e\u0026nbsp;file in your Pavilion8\u00ae installation folder set during installation and go to \u003cem\u003eConsole\\container\\webapps\\ROOT\\WEB-INF\u003c/em\u003e, by default this would be under \u003ccode\u003eC:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF\u003c/code\u003e.\u003c/li\u003e\u003cli\u003eSearch for the text \u003ccode\u003ejmx-console-action-handler\u003c/code\u003e\u0026nbsp;and delete the below lines from \u003ccode\u003eweb.xml\u003c/code\u003e\u0026nbsp;file:\u003cbr\u003e\u003cbr\u003e\u003ccode\u003e\u0026nbsp; \u0026lt;servlet\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-name\u0026gt;jmx-console-action-handler\u0026lt;/servlet-name\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-class\u0026gt;com.pav.jboss.jmx.HtmlAdaptorServlet\u0026lt;/servlet-class\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;/servlet\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;servlet-mapping\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-name\u0026gt;jmx-console-action-handler\u0026lt;/servlet-name\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;url-pattern\u0026gt;/jmx-console/HtmlAdaptor\u0026lt;/url-pattern\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;/servlet-mapping\u0026gt;\u003c/code\u003e\u003cbr\u003e\u0026nbsp;\u003c/li\u003e\u003cli\u003eSave the changes and close the file.\u003c/li\u003e\u003cli\u003eRestart \u003cstrong\u003ePavilion8\u00ae Console Service\u003c/strong\u003e.\u003c/li\u003e\u003cli\u003eLogout and log back into the console and navigate to the URL \u003ccode\u003ehttp:// \u0026lt;FQDN\u0026gt;/jmx-console\u003c/code\u003e\u0026nbsp;to confirm you are getting the error message \u003ccode\u003eHTTP Status 404 \u2013 Not Found\u003c/code\u003e.\u003c/li\u003e\u003c/ol\u003e\u003cblockquote\u003e\u003cp\u003e\u003cu\u003eNote\u003c/u\u003e: \u003ccode\u003e\u0026lt;FQDN\u0026gt;\u003c/code\u003e\u0026nbsp;is your fully qualified domain name used for the Console login.\u003c/p\u003e\u003c/blockquote\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nRisk Mitigation \u0026 User Action\n\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability. * Update to v5.20\n * QA43240 - Recommended Security Guidelines from Rockwell Automation https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012 \n\n\n\nIf customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17. * Open the web.xml\u00a0file in your Pavilion8\u00ae installation folder set during installation and go to Console\\container\\webapps\\ROOT\\WEB-INF, by default this would be under C:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF.\n * Search for the text jmx-console-action-handler\u00a0and delete the below lines from web.xml\u00a0file:\n\n\u00a0 \u003cservlet\u003e\n\u00a0 \u00a0 \u003cservlet-name\u003ejmx-console-action-handler\u003c/servlet-name\u003e\n\u00a0 \u00a0 \u003cservlet-class\u003ecom.pav.jboss.jmx.HtmlAdaptorServlet\u003c/servlet-class\u003e\n\u00a0 \u003c/servlet\u003e\n\u00a0 \u003cservlet-mapping\u003e\n\u00a0 \u00a0 \u003cservlet-name\u003ejmx-console-action-handler\u003c/servlet-name\u003e\n\u00a0 \u00a0 \u003curl-pattern\u003e/jmx-console/HtmlAdaptor\u003c/url-pattern\u003e\n\u00a0 \u003c/servlet-mapping\u003e\n\u00a0\n * Save the changes and close the file.\n * Restart Pavilion8\u00ae Console Service.\n * Logout and log back into the console and navigate to the URL http:// \u003cFQDN\u003e/jmx-console\u00a0to confirm you are getting the error message HTTP Status 404 \u2013 Not Found.\nNote: \u003cFQDN\u003e\u00a0is your fully qualified domain name used for the Console login.\n\n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Pavilion8 Security Misconfiguration Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-29463",
"datePublished": "2023-09-12T16:42:14.868Z",
"dateReserved": "2023-04-06T18:42:59.008Z",
"dateUpdated": "2025-02-27T20:54:59.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29463 (GCVE-0-2023-29463)
Vulnerability from cvelistv5 – Published: 2023-09-12 16:42 – Updated: 2025-02-27 20:54
VLAI?
Title
Pavilion8 Security Misconfiguration Vulnerability
Summary
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session.
Severity ?
8.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | Pavilion8 |
Affected:
<5.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:51:43.237837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:54:59.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pavilion8",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c5.20"
}
]
}
],
"datePublic": "2023-09-12T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\u003c/span\u003e\n\n"
}
],
"value": "\nThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-12T16:42:14.868Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003eRisk Mitigation \u0026amp; User Action\u003c/div\u003e\u003cdiv\u003eCustomers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.\u003cul\u003e\u003cli\u003eUpdate to v5.20\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012\"\u003eQA43240 - Recommended Security Guidelines from Rockwell Automation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cstrong\u003eIf customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17.\u003c/strong\u003e\u003col\u003e\u003cli\u003eOpen the \u003ccode\u003eweb.xml\u003c/code\u003e\u0026nbsp;file in your Pavilion8\u00ae installation folder set during installation and go to \u003cem\u003eConsole\\container\\webapps\\ROOT\\WEB-INF\u003c/em\u003e, by default this would be under \u003ccode\u003eC:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF\u003c/code\u003e.\u003c/li\u003e\u003cli\u003eSearch for the text \u003ccode\u003ejmx-console-action-handler\u003c/code\u003e\u0026nbsp;and delete the below lines from \u003ccode\u003eweb.xml\u003c/code\u003e\u0026nbsp;file:\u003cbr\u003e\u003cbr\u003e\u003ccode\u003e\u0026nbsp; \u0026lt;servlet\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-name\u0026gt;jmx-console-action-handler\u0026lt;/servlet-name\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-class\u0026gt;com.pav.jboss.jmx.HtmlAdaptorServlet\u0026lt;/servlet-class\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;/servlet\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;servlet-mapping\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-name\u0026gt;jmx-console-action-handler\u0026lt;/servlet-name\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;url-pattern\u0026gt;/jmx-console/HtmlAdaptor\u0026lt;/url-pattern\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;/servlet-mapping\u0026gt;\u003c/code\u003e\u003cbr\u003e\u0026nbsp;\u003c/li\u003e\u003cli\u003eSave the changes and close the file.\u003c/li\u003e\u003cli\u003eRestart \u003cstrong\u003ePavilion8\u00ae Console Service\u003c/strong\u003e.\u003c/li\u003e\u003cli\u003eLogout and log back into the console and navigate to the URL \u003ccode\u003ehttp:// \u0026lt;FQDN\u0026gt;/jmx-console\u003c/code\u003e\u0026nbsp;to confirm you are getting the error message \u003ccode\u003eHTTP Status 404 \u2013 Not Found\u003c/code\u003e.\u003c/li\u003e\u003c/ol\u003e\u003cblockquote\u003e\u003cp\u003e\u003cu\u003eNote\u003c/u\u003e: \u003ccode\u003e\u0026lt;FQDN\u0026gt;\u003c/code\u003e\u0026nbsp;is your fully qualified domain name used for the Console login.\u003c/p\u003e\u003c/blockquote\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nRisk Mitigation \u0026 User Action\n\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability. * Update to v5.20\n * QA43240 - Recommended Security Guidelines from Rockwell Automation https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012 \n\n\n\nIf customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17. * Open the web.xml\u00a0file in your Pavilion8\u00ae installation folder set during installation and go to Console\\container\\webapps\\ROOT\\WEB-INF, by default this would be under C:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF.\n * Search for the text jmx-console-action-handler\u00a0and delete the below lines from web.xml\u00a0file:\n\n\u00a0 \u003cservlet\u003e\n\u00a0 \u00a0 \u003cservlet-name\u003ejmx-console-action-handler\u003c/servlet-name\u003e\n\u00a0 \u00a0 \u003cservlet-class\u003ecom.pav.jboss.jmx.HtmlAdaptorServlet\u003c/servlet-class\u003e\n\u00a0 \u003c/servlet\u003e\n\u00a0 \u003cservlet-mapping\u003e\n\u00a0 \u00a0 \u003cservlet-name\u003ejmx-console-action-handler\u003c/servlet-name\u003e\n\u00a0 \u00a0 \u003curl-pattern\u003e/jmx-console/HtmlAdaptor\u003c/url-pattern\u003e\n\u00a0 \u003c/servlet-mapping\u003e\n\u00a0\n * Save the changes and close the file.\n * Restart Pavilion8\u00ae Console Service.\n * Logout and log back into the console and navigate to the URL http:// \u003cFQDN\u003e/jmx-console\u00a0to confirm you are getting the error message HTTP Status 404 \u2013 Not Found.\nNote: \u003cFQDN\u003e\u00a0is your fully qualified domain name used for the Console login.\n\n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Pavilion8 Security Misconfiguration Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-29463",
"datePublished": "2023-09-12T16:42:14.868Z",
"dateReserved": "2023-04-06T18:42:59.008Z",
"dateUpdated": "2025-02-27T20:54:59.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}