An improper authorization vulnerability exists in the affected Rockwell Automation products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously had access to but should no longer have access to.
History

Tue, 08 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation verve Asset Manager
CPEs cpe:2.3:a:rockwellautomation:verve_asset_manager:*:*:*:*:*:*:*:*
Vendors & Products Rockwellautomation
Rockwellautomation verve Asset Manager
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 08 Oct 2024 19:30:00 +0000

Type Values Removed Values Added
Description An improper authorization vulnerability exists in the affected Rockwell Automation products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously had access to but should no longer have access to.
Title Improper Authorization Vulnerability in Rockwell Automation Verve® Asset Manager
Weaknesses CWE-842
References
Metrics cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2024-10-08T19:24:41.136Z

Updated: 2024-10-08T20:01:06.815Z

Reserved: 2024-10-01T15:56:42.546Z

Link: CVE-2024-9412

Vulnrichment

Updated: 2024-10-08T19:56:50.931Z

NVD

Status: Awaiting Analysis

Published: 2024-10-08T20:15:05.543

Modified: 2024-10-10T12:51:56.987

Link: CVE-2024-9412

Redhat

No data.