A privilege escalation vulnerability exists in the affected Rockwell Automation products. The vulnerability is caused by improper default file permissions, which allow users to exfiltrate credentials and escalate privileges.
History

Thu, 19 Sep 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation 2800c Optixpanel Compact Firmware
Rockwellautomation 2800s Optixpanel Standard Firmware
Rockwellautomation embedded Edge Compute Module Firmware
Weaknesses CWE-276
CPEs cpe:2.3:h:rockwellautomation:2800c_optixpanel_compact:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:2800s_optixpanel_standard:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:embedded_edge_compute_module:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:2800c_optixpanel_compact_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:2800s_optixpanel_standard_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:embedded_edge_compute_module_firmware:*:*:*:*:*:*:*:*
Vendors & Products Rockwellautomation 2800c Optixpanel Compact Firmware
Rockwellautomation 2800s Optixpanel Standard Firmware
Rockwellautomation embedded Edge Compute Module Firmware
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Thu, 12 Sep 2024 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation 2800c Optixpanel Compact
Rockwellautomation 2800s Optixpanel Standard
Rockwellautomation embedded Edge Compute Module
CPEs cpe:2.3:o:rockwellautomation:2800c_optixpanel_compact:4.0.0.325:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:2800s_optixpanel_standard:4.0.0.350:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:embedded_edge_compute_module:4.0.0.347:*:*:*:*:*:*:*
Vendors & Products Rockwellautomation
Rockwellautomation 2800c Optixpanel Compact
Rockwellautomation 2800s Optixpanel Standard
Rockwellautomation embedded Edge Compute Module
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Sep 2024 20:15:00 +0000

Type Values Removed Values Added
Description A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.
Title Rockwell Automation OptixPanel™ Privilege Escalation Vulnerability via File Permissions
Weaknesses CWE-269
References
Metrics cvssV4_0

{'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2024-09-12T20:06:20.913Z

Updated: 2024-09-12T20:58:17.171Z

Reserved: 2024-09-06T17:15:15.321Z

Link: CVE-2024-8533

Vulnrichment

Updated: 2024-09-12T20:30:58.190Z

NVD

Status: Analyzed

Published: 2024-09-12T20:15:05.820

Modified: 2024-09-19T01:57:23.830

Link: CVE-2024-8533

Redhat

No data.