CVE-2024-9412
Improper Authorization Vulnerability in Rockwell Automation Verve® Asset Manager
Severity Score
8.4
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-10-01 CVE Reserved
- 2024-10-08 CVE Published
- 2024-10-08 CVE Updated
- 2024-10-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-842: Placement of User into Incorrect Group
CAPEC
- CAPEC-576: Group Permission Footprinting
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201704.html |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockwell Automation Search vendor "Rockwell Automation" | Verve® Asset Manager Search vendor "Rockwell Automation" for product "Verve® Asset Manager" | < 1.38 Search vendor "Rockwell Automation" for product "Verve® Asset Manager" and version " < 1.38" | en |
Affected
| ||||||