PatchSiren


CVE-2024-6435 Rockwell Automation CVE debrief

A privilege escalation vulnerability in Rockwell Automation Pavilion 8 allows authenticated users with basic privileges to access administrative functions, potentially enabling unauthorized user creation and sensitive data access.

Vendor: Rockwell Automation
Product: Pavilion 8
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-07-16
Original CVE updated: 2024-07-16
Advisory published: 2024-07-16
Advisory updated: 2024-07-16

Who should care

Organizations operating Rockwell Automation Pavilion 8 in industrial environments, particularly those in critical infrastructure sectors. Security teams responsible for OT/ICS asset management, identity and access management administrators, and compliance officers monitoring NIST CSF or IEC 62443 adherence should prioritize this vulnerability due to its potential for unauthorized administrative access in process control environments.

Technical summary

CVE-2024-6435 is a privilege escalation vulnerability in Rockwell Automation Pavilion 8 versions 5.15.00 through 5.20.00. The flaw allows authenticated users with basic privileges to access administrative functions that should require elevated privileges. Successful exploitation enables attackers to create users with elevated privileges and read sensitive information from the 'views' section. The vulnerability has a CVSS 3.1 score of 8.8 (HIGH severity) with network attack vector, low attack complexity, and low privilege requirements. Rockwell Automation has released version 6.0 to address this issue. CISA recommends upgrading immediately or applying compensating controls including access restriction and privilege review procedures.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade to Pavilion8 version 6.0 or greater as recommended by Rockwell Automation
  • If immediate upgrade is not feasible, restrict network access to only essential users
  • Implement periodic review of user access and privileges to confirm accuracy
  • Apply CISA ICS recommended security best practices for defense-in-depth
  • Monitor for unauthorized user creation or privilege modification attempts

Evidence notes

CISA published advisory ICSA-24-198-01 on 2024-07-16, identifying affected versions as Pavilion 8 versions 5.15.00 through 5.20.00. The vulnerability permits basic-privilege users to perform administrative actions including creating elevated-privilege accounts and reading sensitive information in the 'views' section. CVSS 3.1 score of 8.8 reflects network attack vector, low attack complexity, low privileges required, and high impacts to confidentiality, integrity, and availability.
