CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6436 – Rockwell Automation Input Validation Vulnerability exists in the SequenceManager™ Server
https://notcve.org/view.php?id=CVE-2024-6436
An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be able to view the status or command the equipment sequences, however the equipment sequence would continue to execute uninterrupted. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1679.html • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7961 – Rockwell Automation Path Traversal Vulnerability in Pavilion8®
https://notcve.org/view.php?id=CVE-2024-7961
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1695.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7960 – Rockwell Automation Incorrect Privileges and Path Traversal Vulnerability in Pavilion8®
https://notcve.org/view.php?id=CVE-2024-7960
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1695.html • CWE-269: Improper Privilege Management •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8533 – Rockwell Automation OptixPanel™ Privilege Escalation Vulnerability via File Permissions
https://notcve.org/view.php?id=CVE-2024-8533
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1964.html • CWE-269: Improper Privilege Management •
CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45823 – FactoryTalk® Batch View™ Authentication Bypass Vulnerability via shared secrets
https://notcve.org/view.php?id=CVE-2024-45823
CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201698.html • CWE-287: Improper Authentication •