CVE-2024-40620 – Rockwell Automation Pavilion8® Unencrypted Data Vulnerability via HTTP protocol
https://notcve.org/view.php?id=CVE-2024-40620
CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201691.html • CWE-311: Missing Encryption of Sensitive Data
CVE-2024-40619 – Rockwell Automation GuardLogix/ControlLogix 5580 Controller denial-of-service Vulnerability via Malformed Packet Handling
https://notcve.org/view.php?id=CVE-2024-40619
CVE-2024-40619 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201690.html • CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2024-7513 – Rockwell Automation FactoryTalk® View Site Edition Code Execution Vulnerability via File Permissions
https://notcve.org/view.php?id=CVE-2024-7513
CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by an account with elevated permissions. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201688.html • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2024-6078 – Rockwell Automation Authentication Bypass Vulnerability in DataMosaix™
https://notcve.org/view.php?id=CVE-2024-6078
CVE-2024-6078 IMPACT An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or password. If exploited, a malicious user could take over the account of a legitimate user. The malicious user would be able to view and modify data stored in the cloud. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201687.html • CWE-287: Improper Authentication
CVE-2024-7515 – Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Controller Denial-of-Service Vulnerability via Input Validation
https://notcve.org/view.php?id=CVE-2024-7515
CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201686.html • CWE-20: Improper Input Validation