CVE-2024-7960 Vulnerability Details

  /     /     /  

CVE-2024-7960 Metadata Quick Info

CVE Published: 12/09/2024 | CVE Updated: 12/09/2024 | CVE Year: 2024
Source: Rockwell | Vendor: Rockwell Automation | Product: Pavilion8®
Status : PUBLISHED

---

CVE-2024-7960 Description

The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-269
CWE Name: CWE-269: Improper Privilege Management
Source: Rockwell Automation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-233
CAPEC Description: CAPEC-233 Privilege Escalation


Source: NVD (National Vulnerability Database).