CVE-2024-6435

HIGH

Rockwellautomation Rockwell Automation Pavilion8 - Privilege Escalation

Title source: llm

Description

A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section.

References (1)

Core 1

Core References

Vendor Advisory

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1681.html

Scores

CVSS v3 8.8

EPSS 0.0005

EPSS Percentile 16.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-732

Status published

Products (6)

rockwellautomation/pavilion8 5.15.00

rockwellautomation/pavilion8 5.15.01

rockwellautomation/pavilion8 5.16.00

rockwellautomation/pavilion8 5.17.00

rockwellautomation/pavilion8 5.17.01

rockwellautomation/pavilion8 5.20.00

Published Jul 16, 2024

Tracked Since Feb 18, 2026