CVE-2024-6435 – Rockwell Automation Privilege Escalation Vulnerability in Pavilion8®
https://notcve.org/view.php?id=CVE-2024-6435
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1681.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2024-5990 – ThinManager® ThinServer™ Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5990
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html • CWE-20: Improper Input Validation •
CVE-2024-5989 – Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5989
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html • CWE-20: Improper Input Validation •
CVE-2024-5988 – Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5988
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html • CWE-20: Improper Input Validation •
CVE-2024-37369 – Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions
https://notcve.org/view.php?id=CVE-2024-37369
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. Existe una vulnerabilidad de escalada de privilegios en el producto afectado. La vulnerabilidad permite a los usuarios con pocos privilegios editar scripts, eludir las listas de control de acceso y potencialmente obtener más acceso dentro del sistema. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1674.html • CWE-732: Incorrect Permission Assignment for Critical Resource •