PatchSiren cyber security CVE debrief

CVE-2024-40620 Rockwell Automation CVE debrief

A vulnerability exists in Rockwell Automation Pavilion8 due to a lack of encryption of sensitive information. Data sent between the Console and the Dashboard is transmitted without encryption, so it can be read from proxy server logs and by anything else positioned on the network path, impacting data confidentiality. The affected product is Pavilion8 versions 5.20 and later. Rockwell Automation has released a product update (version 6.0) to address this vulnerability.

Vendor
Rockwell Automation
Product
Pavilion8
CVSS
HIGH 7.4
CISA KEV
Not listed in stored evidence
Original CVE published
2024-08-13
Original CVE updated
2024-08-13
Advisory published
2024-08-13
Advisory updated
2024-08-13

Who should care

Organizations running Rockwell Automation Pavilion8 in industrial control environments, particularly manufacturing and process plants that use it for model predictive control. Security teams responsible for OT/ICS network segmentation and protection of data in transit should prioritize this update.

Technical summary

CVE-2024-40620 affects Rockwell Automation Pavilion8 versions 5.20 and later. The vulnerability stems from a lack of encryption for sensitive data transmitted between the Console and Dashboard components. Because the channel is cleartext, the data is recorded in proxy server logs and is readable by any intermediary on the path, compromising confidentiality. The CVSS 3.1 base score of 7.4 (HIGH) corresponds to the vector AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L: network attack vector, low attack complexity, low privileges required, no user interaction, scope change, and low impact to confidentiality, integrity, and availability. Note that the vector rates integrity and availability impact even though the published description names only confidentiality; treat the cleartext channel as exposed to tampering as well as to eavesdropping. Rockwell Automation has released version 6.0 as the corrective update.

Defensive priority

HIGH

Recommended defensive actions

  • Update Pavilion8 to version 6.0 or later, which addresses the unencrypted Console-to-Dashboard transmission
  • If immediate patching is not feasible, deploy the affected machine behind a firewall and restrict physical access to authorized personnel; a firewall limits who can reach the segment but does not encrypt the traffic, so also keep the Console-to-Dashboard path on a dedicated segment and restrict access to (or purge) any proxy logs that record it
  • Apply Rockwell Automation security best practices for industrial control systems
  • Consider using Stakeholder-Specific Vulnerability Categorization (SSVC) for environment-specific prioritization
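As an added example of the check a practitioner would run before and after the update (this is not code from the page, from PatchSiren, or from Rockwell Automation), the script below scans a proxy access log for Console-to-Dashboard requests that were sent over plain HTTP and flags sensitive query-string keys that would be exposed in the log. The Squid-style log format, the Console addresses, the Dashboard host name, the URL paths and the list of sensitive keys are all assumptions; the log lines are constructed for the example.

```python
import re

# Constructed sample proxy log lines in Squid native access.log format (assumed format;
# not real Pavilion8 traffic). Host names, addresses and paths are assumptions.
SAMPLE_LOG = """\
1723550400.123    45 10.10.20.15 TCP_MISS/200 1532 GET http://pav8-dashboard.plant.example/api/model/state?user=operator&session=abc123 - HIER_DIRECT/10.10.30.7 application/json
1723550401.456    12 10.10.20.15 TCP_TUNNEL/200 8931 CONNECT pav8-dashboard.plant.example:443 - HIER_DIRECT/10.10.30.7 -
1723550402.789    33 10.10.20.16 TCP_MISS/200 2210 POST http://pav8-dashboard.plant.example/api/setpoints - HIER_DIRECT/10.10.30.7 application/json
1723550403.001    20 10.10.20.99 TCP_MISS/200 512 GET http://intranet.example/index.html - HIER_DIRECT/10.10.40.1 text/html
"""

# Assumed addresses of the Pavilion8 Console workstations and the Dashboard host name.
CONSOLE_HOSTS = {"10.10.20.15", "10.10.20.16"}
DASHBOARD_HOST = "pav8-dashboard.plant.example"

# Query-string keys whose presence in a cleartext URL would mean the proxy log now
# holds credentials or session material (assumed list; extend for your deployment).
SENSITIVE_KEYS = {"user", "session", "token", "password", "passwd", "apikey"}

# Fields of the Squid native format: timestamp elapsed client code/status bytes method URL ...
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+(?P<result>\S+)\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+"
)


def parse_line(line):
    """Parse one access.log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def sensitive_keys_in(url):
    """Return the sorted sensitive query-string keys present in a URL."""
    query = url.partition("?")[2]
    pairs = (p.split("=", 1) for p in query.split("&") if "=" in p)
    return sorted(k for k, _ in pairs if k.lower() in SENSITIVE_KEYS)


def cleartext_findings(log_text, console_hosts=CONSOLE_HOSTS, dashboard_host=DASHBOARD_HOST):
    """Return one finding per Console-to-Dashboard request that went over plain HTTP.

    CONNECT entries are skipped: they are TLS tunnels, and the proxy only sees host:port,
    not the payload, which is exactly what the corrected channel should look like.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["client"] not in console_hosts:
            continue
        if rec["method"] == "CONNECT":
            continue
        url = rec["url"]
        if not url.startswith("http://"):
            continue
        host = url[len("http://"):].split("/", 1)[0].split(":")[0]
        if host != dashboard_host:
            continue
        findings.append({
            "ts": rec["ts"],
            "client": rec["client"],
            "method": rec["method"],
            "url": url,
            "sensitive_keys": sensitive_keys_in(url),
        })
    return findings


if __name__ == "__main__":
    for f in cleartext_findings(SAMPLE_LOG):
        keys = ", ".join(f["sensitive_keys"]) or "none"
        print(f'{f["ts"]} {f["client"]} {f["method"]} {f["url"]} (sensitive keys: {keys})')
```

Run it against the real access log instead of SAMPLE_LOG once the Console addresses and Dashboard host are filled in. An empty result after the 6.0 update is a good sign but not proof of encryption: requests that bypass the proxy are invisible here, so confirm with a packet capture on the Console-to-Dashboard segment as well.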

Evidence notes

CISA published advisory ICSA-24-226-04 on 2024-08-13 identifying this vulnerability in Rockwell Automation Pavilion8 versions 5.20 and later. The vulnerability is unencrypted data transmission between the Console and Dashboard components, which exposes sensitive information in proxy server logs. The stored evidence does not list CVE-2024-40620 in the CISA Known Exploited Vulnerabilities catalog.

Official resources

CISA advisory ICSA-24-226-04, published 2024-08-13