CVE-2024-9412 Vulnerability Details

  /     /     /  

CVE-2024-9412 Metadata Quick Info

CVE Published: 08/10/2024 | CVE Updated: 08/10/2024 | CVE Year: 2024
Source: Rockwell | Vendor: Rockwell Automation | Product: Verve® Asset Manager
Status : PUBLISHED

---

CVE-2024-9412 Description

An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-842
CWE Name: CWE-842: Placement of User into Incorrect Group
Source: Rockwell Automation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-576
CAPEC Description: CAPEC-576 Group Permission Footprinting


Source: NVD (National Vulnerability Database).