CVE-2024-8533
7.7
Vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow more
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: PSIRT@rockwellautomation.com (Secondary)
Description
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.
Affected (3)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.0.0.325 to 4.0.2.116 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 2800c Optixpanel Compact | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.0.0.350 to 4.0.2.123 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation 2800s Optixpanel Standard | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.0.0.347 to 4.0.2.106 |
| Running on/with | Platform Versions |
|---|---|
Rockwellautomation Embedded Edge Compute Module | All versions |
Related CWEs
CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
References (1)
Source: PSIRT@rockwellautomation.com
Vendor Advisory
Timeline
No history available yet.