September 16, 2024
Severity
High
Analysis Summary
CVE-2024-45826 CVSS:8.5
Rockwell Automation ThinManager could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted POST request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-45824 CVSS:9.8
Rockwell FactoryTalk View Site Edition could allow a remote attacker to execute arbitrary code on the system, caused by a chain of path traversal, command injection, and XSS vulnerabilities. An attacker could exploit this vulnerability chain to execute arbitrary code on the system.
CVE-2024-45823 CVSS:9.2
Rockwell Automation FactoryTalk Batch View could allow a remote attacker to bypass security restrictions, caused by a flaw with sharing secrets across accounts. By sending a specially crafted request, an attacker could exploit this vulnerability to impersonate a user.
CVE-2024-45825 CVSS:8.7
Rockwell Automation 5015-U8IHFT is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted CIP packet, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-8533 CVSS:7.7
Rockwell Automation OptixPanel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an improper default file permissions flaw. By persuading a victim to open specially crafted content, an authenticated attacker could exploit this vulnerability to gain elevated privileges and exfiltrate credentials.
CVE-2024-6077 CVSS:8.7
Multiple Rockwell Automation products are vulnerable to a denial of service, caused by improper input validation. By sending specially crafted packets to the CIP security object, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-7961 CVSS:8.6
Rockwell Automation Pavilion8 could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to execute arbitrary code on the system.
CVE-2024-7960 CVSS:8.8
Rockwell Automation Pavilion8 could allow a remote authenticated attacker to bypass security restrictions, caused by an incorrect privilege matrix flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain administrative access.
Impact
- Security Bypass
- Privilege Escalation
- Denial of Service
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-45826
- CVE-2024-45824
- CVE-2024-45823
- CVE-2024-45825
- CVE-2024-8533
- CVE-2024-6077
- CVE-2024-7961
- CVE-2024-7960
Affected Vendors
- Rockwell Automation
Affected Products
- Rockwell Automation ThinManager - 13.1.0
- Rockwell Automation ThinManager - 13.1.2
- Rockwell Automation ThinManager - 13.2.0
- Rockwell Automation ThinManager - 13.2.1
- Rockwell Automation FactoryTalk View Site Edition - 12.0-14.0
- Rockwell Automation FactoryTalk Batch View - 2.01.00
- Rockwell Automation 5015-U8IHFT - 1.011
- Rockwell Automation 5015-U8IHFT - 1.012
- Rockwell Automation 2800C OptixPanel Compact - 4.0.0.325
- Rockwell Automation 2800S OptixPanel Standard - 4.0.0.350
- Rockwell Automation Embedded Edge Compute Module - 4.0.0.347
- Rockwell Automation CompactLogix 5380 - v.32.011
- Rockwell Automation CompactLogix 5380 Process - v.33.011
- Rockwell Automation Compact GuardLogix 5380 SIL 2 - v.32.013
- Rockwell Automation Compact GuardLogix 5380 SIL 3 - v.32.011
- Rockwell Automation Pavilion8 - 5.20
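The first practical step for a defender is to find which assets fall inside the affected-product list above. The following script is an added example, not part of the advisory or any Rockwell Automation tooling: it encodes the product/version entries exactly as listed on this page, parses the mixed version formats ("13.1.0", "v.32.011", "2.01.00", the range "12.0-14.0"), and reports every inventory entry that matches. The host names and the inventory itself are constructed sample data.

```python
"""Match an asset inventory against the affected-product list in this advisory."""
import re

# Affected products and versions as listed in the advisory (product, version or "low-high" range).
AFFECTED = [
    ("ThinManager", "13.1.0"),
    ("ThinManager", "13.1.2"),
    ("ThinManager", "13.2.0"),
    ("ThinManager", "13.2.1"),
    ("FactoryTalk View Site Edition", "12.0-14.0"),
    ("FactoryTalk Batch View", "2.01.00"),
    ("5015-U8IHFT", "1.011"),
    ("5015-U8IHFT", "1.012"),
    ("2800C OptixPanel Compact", "4.0.0.325"),
    ("2800S OptixPanel Standard", "4.0.0.350"),
    ("Embedded Edge Compute Module", "4.0.0.347"),
    ("CompactLogix 5380", "v.32.011"),
    ("CompactLogix 5380 Process", "v.33.011"),
    ("Compact GuardLogix 5380 SIL 2", "v.32.013"),
    ("Compact GuardLogix 5380 SIL 3", "v.32.011"),
    ("Pavilion8", "5.20"),
]


def parse_version(text):
    """Turn '13.1.0', 'v.32.011' or '2.01.00' into a tuple of ints for ordering.

    Trailing zero components are dropped so that '13.1.0' and '13.1' compare equal.
    """
    digits = re.findall(r"\d+", text)
    if not digits:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(d) for d in digits]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def matches(spec, version):
    """True if `version` falls within the advisory entry `spec` (single version or 'low-high')."""
    v = parse_version(version)
    if "-" in spec:
        low, high = (parse_version(p) for p in spec.split("-", 1))
        # Inclusive range. The upper bound is compared as a prefix so that a patch
        # level above the last listed release (e.g. 14.0.1) is still flagged for
        # review instead of being silently treated as fixed.
        return low <= v and v[: len(high)] <= high
    return v == parse_version(spec)


def find_affected(inventory):
    """Return (host, product, version, spec) for every inventory entry that matches."""
    hits = []
    for host, product, version in inventory:
        for adv_product, spec in AFFECTED:
            if product.lower() == adv_product.lower() and matches(spec, version):
                hits.append((host, product, version, spec))
    return hits


# Constructed sample inventory: hypothetical hosts, not data from the advisory.
SAMPLE_INVENTORY = [
    ("hmi-01", "ThinManager", "13.2.1"),
    ("hmi-02", "ThinManager", "13.3.0"),
    ("scada-01", "FactoryTalk View Site Edition", "13.0"),
    ("scada-02", "FactoryTalk View Site Edition", "14.0.1"),
    ("plc-07", "CompactLogix 5380", "32.011"),
    ("plc-08", "CompactLogix 5380", "34.011"),
    ("opt-01", "Pavilion8", "5.20"),
]

if __name__ == "__main__":
    for host, product, version, spec in find_affected(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is within advisory entry {spec}")
```

The only judgement call is the upper bound of the "12.0-14.0" range: because the advisory gives two-component bounds, the script treats any 14.0.x build as inside the range, so a host above 14.0 is flagged for a manual check against the vendor advisory rather than assumed patched.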
Remediation
Refer to Rockwell Automation Security Advisory for patch, upgrade or suggested workaround information.