// For flags

CVE-2024-9412

Improper Authorization Vulnerability in Rockwell Automation Verve® Asset Manager

Severity Score

8.4
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
High
User Interaction
Active
System
Vulnerable | Subsequent
Confidentiality
High
None
Integrity
High
None
Availability
High
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-10-01 CVE Reserved
  • 2024-10-08 CVE Published
  • 2024-10-08 CVE Updated
  • 2024-10-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-842: Placement of User into Incorrect Group
CAPEC
  • CAPEC-576: Group Permission Footprinting
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rockwell Automation
Search vendor "Rockwell Automation"
Verve® Asset Manager
Search vendor "Rockwell Automation" for product "Verve® Asset Manager"
< 1.38
Search vendor "Rockwell Automation" for product "Verve® Asset Manager" and version " < 1.38"
en
Affected