CVE-2024-6078 IMPACT An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or password. If exploited, a malicious user could take over the account of a legitimate user. The malicious user would be able to view and modify data stored in the cloud.
History

Mon, 19 Aug 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation datamosaix
CPEs cpe:2.3:a:rockwellautomation:datamosaix:*:*:*:*:*:*:*:*
Vendors & Products Rockwellautomation
Rockwellautomation datamosaix
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 14 Aug 2024 20:00:00 +0000

Type Values Removed Values Added
Description CVE-2024-6078 IMPACT An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or password. If exploited, a malicious user could take over the account of a legitimate user. The malicious user would be able to view and modify data stored in the cloud.
Title Rockwell Automation Authentication Bypass Vulnerability in DataMosaix™
Weaknesses CWE-287
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2024-08-14T19:45:08.139Z

Updated: 2024-08-19T18:43:37.917Z

Reserved: 2024-06-17T16:31:04.293Z

Link: CVE-2024-6078

cve-icon Vulnrichment

Updated: 2024-08-19T18:43:32.525Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-14T20:15:12.780

Modified: 2024-08-15T13:01:10.150

Link: CVE-2024-6078

cve-icon Redhat

No data.