CVE-2024-6435: Rockwell Automation Privilege Escalation Vulnerability in Pavilion8®

8.8 CVSS

Description

A privilege escalation vulnerability exists in the affected products that could allow a malicious user with basic privileges to access functions that should only be available to users with administrative-level privileges. If exploited, an attacker could read sensitive data and create users: for example, a user with basic privileges could create a new user with elevated privileges and read sensitive information in the “views” section. Exploitation requires a valid account with basic privileges (CVSS PR:L) and network access to the application (AV:N); no user interaction is needed (UI:N). The underlying weakness is a missing server-side authorization check on administrative functions, not a bypass of authentication.
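The pattern behind this class of bug is a handler that verifies the caller is logged in but never verifies the caller's role. The following is an added illustration, not Pavilion8 code and not from Rockwell's advisory: the service, the user names, the roles and the "views" data are constructed for the example. It shows the vulnerable shape beside a hardened version that consults a central, deny-by-default authorization table on the server side, and a small check that attempts exactly the attack the description names (a basic-privilege session creating an admin user and reading the views).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str  # "basic" or "admin" (constructed roles for the example)


@dataclass(frozen=True)
class Session:
    user: User


class AuthorizationError(PermissionError):
    pass


# Constructed stand-in for the sensitive "views" data; not real product data.
SENSITIVE_VIEWS = {"controller_setpoints": {"reactor_temp_max": 412.0}}


class VulnerableUserService:
    """Authentication without authorization (CWE-732 shape): every function
    checks only that the caller has a session, so a basic user reaches the
    administrative functions."""

    def __init__(self):
        self.users = {
            "admin": User("admin", "admin"),
            "operator": User("operator", "basic"),
        }

    def _require_login(self, session):
        if session is None or session.user.name not in self.users:
            raise AuthorizationError("login required")

    def create_user(self, session, name, role):
        self._require_login(session)  # no role check: this is the flaw
        self.users[name] = User(name, role)
        return self.users[name]

    def read_views(self, session):
        self._require_login(session)  # no role check: this is the flaw
        return dict(SENSITIVE_VIEWS)


class HardenedUserService(VulnerableUserService):
    """Same service with a central, deny-by-default authorization table that
    is consulted server-side before every privileged function."""

    ALLOWED_ROLES = {
        "create_user": {"admin"},
        "read_views": {"admin"},
    }

    def _authorize(self, session, action):
        self._require_login(session)
        allowed = self.ALLOWED_ROLES.get(action, set())  # unknown action -> nobody
        if session.user.role not in allowed:
            raise AuthorizationError(
                f"{session.user.name} ({session.user.role}) may not {action}"
            )

    def create_user(self, session, name, role):
        self._authorize(session, "create_user")
        return super().create_user(session, name, role)

    def read_views(self, session):
        self._authorize(session, "read_views")
        return super().read_views(session)


def escalation_possible(service):
    """Attempt the attack the advisory describes from a basic-privilege session:
    create a new admin user, then read the views. True if either succeeds."""
    basic = Session(service.users["operator"])
    created = read = False
    try:
        service.create_user(basic, "backdoor", "admin")
        created = service.users["backdoor"].role == "admin"
    except AuthorizationError:
        pass
    try:
        read = bool(service.read_views(basic))
    except AuthorizationError:
        pass
    return created or read


if __name__ == "__main__":
    print("vulnerable:", escalation_possible(VulnerableUserService()))  # True
    print("hardened:  ", escalation_possible(HardenedUserService()))    # False
```

The design point is that the role check lives in one place and denies anything not explicitly listed, so a newly added administrative function cannot silently ship without an entry; hiding the admin menu in the UI is not a substitute, because the request can be sent directly.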

Classification

CVE ID: CVE-2024-6435

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-732 Incorrect Permission Assignment for Critical Resource

Affected Products

Vendor: Rockwell Automation

Product: Pavilion8®

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (estimated probability of exploitation in the wild within the next 30 days)

EPSS Percentile: 17.41% (share of all scored CVEs whose EPSS score is at or below this one)

EPSS Date: 2025-05-30 (date the score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none (no public proof of concept or active exploitation reported)

SSVC Technical Impact: manipulation

SSVC Automatable: true (the steps to exploit can be reliably automated, so the precondition of holding a basic account is the main practical limit)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-6435
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1681.html

Timeline