Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9412", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2024-10-01T15:56:42.546Z", "datePublished": "2024-10-08T19:24:41.136Z", "dateUpdated": "2024-10-08T20:01:06.815Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Verve\u00ae Asset Manager", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "All versions < 1.38"}]}], "datePublic": "2024-10-08T19:20:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to. </p><p> </p>"}], "value": "An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to."}], "impacts": [{"capecId": "CAPEC-576", "descriptions": [{"lang": "en", "value": "CAPEC-576 Group Permission Footprinting"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.4, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-842", "description": "CWE-842: Placement of User into Incorrect Group", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-10-08T19:24:41.136Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201704.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<table><tbody><tr><td><p><br></p><p><br>Affected Product</p><p> </p><p> </p></td><td><p> </p><p> </p><p>Affected Versions</p><p> </p><p> </p></td><td><p> </p><p> </p><p>Corrected in software version</p><p> </p><p> </p></td></tr><tr><td><p> </p><p> </p><p>Verve\u00ae Asset Manager </p><p> </p><p> </p></td><td><p> </p><p> </p><p>All versions < 1.38</p><p> </p><p> </p></td><td><p> </p><p>V1.38</p><p> </p></td></tr></tbody></table>\n\n<br>"}], "value": "Affected Product\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nAffected Versions\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in software version\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nVerve\u00ae Asset Manager \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nAll versions < 1.38\n\n\u00a0\n\n\u00a0\n\n\u00a0 \u00a0 \u00a0\n\nV1.38"}], "source": {"advisory": "SD1704", "discovery": "INTERNAL"}, "title": "Improper Authorization Vulnerability in Rockwell Automation Verve\u00ae Asset Manager", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "rockwellautomation", "product": "verve_asset_manager", "cpes": ["cpe:2.3:a:rockwellautomation:verve_asset_manager:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "1.38", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T19:53:46.190123Z", "id": "CVE-2024-9412", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T20:01:06.815Z"}}]}}