PatchSiren cyber security CVE debrief
CVE-2024-7960 Rockwell Automation CVE debrief
CVE-2024-7960 is a HIGH severity vulnerability (CVSS 7.6) in Rockwell Automation Pavilion8, published September 12, 2024. The vulnerability stems from an incorrect privilege matrix that allows users to access functions beyond their authorized scope, enabling threat actors to view sensitive information and modify settings. The affected product is Pavilion8 versions prior to V5.20. Rockwell Automation has released a vendor fix in Pavilion8 V6.0 and later. For organizations unable to upgrade immediately, security best practices are recommended as interim mitigations.
- Vendor: Rockwell Automation
- Product: Pavilion8
- CVSS: HIGH 7.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-12
- Original CVE updated: 2024-09-12
- Advisory published: 2024-09-12
- Advisory updated: 2024-09-12
Who should care
Organizations operating Rockwell Automation Pavilion8 in industrial control system (ICS) or operational technology (OT) environments, particularly those in manufacturing, process control, and critical infrastructure sectors. Security teams responsible for OT/ICS asset management, system integrators deploying Pavilion8 solutions, and compliance officers overseeing industrial cybersecurity frameworks should prioritize assessment and remediation.
Technical summary
The vulnerability exists in the privilege matrix implementation of Rockwell Automation Pavilion8 versions prior to V5.20. An incorrect privilege matrix configuration allows users to access functions outside their authorized scope. This access control flaw enables authenticated threat actors with low privileges to view sensitive information and change settings. The CVSS 3.1 score of 7.6 reflects network attack vector, low attack complexity, low privileges required, no user interaction, and high confidentiality impact with low integrity and availability impacts. The vulnerability is classified as an authorization issue where the product fails to properly restrict access to functionality based on user roles.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Pavilion8 to version 6.0 or later to address the incorrect privilege matrix vulnerability
- If immediate upgrade is not feasible, apply CISA ICS recommended security best practices as interim mitigation
- Review and validate user privilege assignments in Pavilion8 deployments to ensure least-privilege access controls
- Monitor Rockwell Automation security advisories for additional guidance or patches
- Implement network segmentation for ICS/OT environments running Pavilion8 to limit lateral movement potential
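The privilege review recommended above can be made repeatable by comparing the privilege matrix a deployment actually enforces against the matrix the organization intends. The following is an added example, not Pavilion8's own code or export format: the role and function names, the CSV layout of the export, and the baseline are all constructed for illustration. It flags every role that is granted a function outside its intended scope (the class of defect this CVE describes) and shows a deny-by-default authorization check that treats unknown roles and unknown functions as unauthorized.

```python
import csv
import io

# Constructed export of an effective role-to-function privilege matrix,
# one (role, function) grant per row. The format, role names and function
# names are hypothetical; they are not taken from Pavilion8.
EFFECTIVE_EXPORT = """role,function
Viewer,view_dashboard
Viewer,view_model_status
Viewer,edit_controller_settings
Operator,view_dashboard
Operator,view_model_status
Operator,acknowledge_alarm
Engineer,view_dashboard
Engineer,view_model_status
Engineer,acknowledge_alarm
Engineer,edit_model
Engineer,edit_controller_settings
Admin,view_dashboard
Admin,view_model_status
Admin,acknowledge_alarm
Admin,edit_model
Admin,edit_controller_settings
Admin,manage_users
"""

# Constructed least-privilege baseline: what each role is supposed to have.
INTENDED_MATRIX = {
    "Viewer": {"view_dashboard", "view_model_status"},
    "Operator": {"view_dashboard", "view_model_status", "acknowledge_alarm"},
    "Engineer": {"view_dashboard", "view_model_status", "acknowledge_alarm",
                 "edit_model", "edit_controller_settings"},
    "Admin": {"view_dashboard", "view_model_status", "acknowledge_alarm",
              "edit_model", "edit_controller_settings", "manage_users"},
}


def parse_matrix_csv(text):
    """Turn a role,function CSV export into {role: set(functions)}."""
    matrix = {}
    for row in csv.DictReader(io.StringIO(text)):
        role = row["role"].strip()
        function = row["function"].strip()
        matrix.setdefault(role, set()).add(function)
    return matrix


def find_excess_privileges(effective, intended):
    """Return {role: sorted extra functions} for every role whose effective
    grants exceed the intended baseline. A role missing from the baseline
    has no approved functions, so all of its grants are reported."""
    findings = {}
    for role, granted in effective.items():
        extra = granted - intended.get(role, set())
        if extra:
            findings[role] = sorted(extra)
    return findings


def is_authorized(matrix, role, function):
    """Deny-by-default check: only an explicit grant permits the function."""
    return function in matrix.get(role, set())


def audit_export(text, intended=INTENDED_MATRIX):
    """Parse an export and return its excess-privilege findings."""
    return find_excess_privileges(parse_matrix_csv(text), intended)


if __name__ == "__main__":
    for role, extra in audit_export(EFFECTIVE_EXPORT).items():
        print(f"{role}: granted beyond intended scope -> {', '.join(extra)}")
```

Running the block on the constructed export reports that the Viewer role can edit controller settings, which is exactly the kind of over-grant the advisory describes (a low-privileged user reaching functions outside its scope); a clean export returns no findings. The same comparison can be re-run after the upgrade to V6.0 to confirm the corrected matrix matches the baseline.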
Evidence notes
Vulnerability disclosed via CISA CSAF advisory ICSA-24-256-24. CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L. Affected product confirmed as Pavilion8 <V5.20. Vendor fix available in V6.0+.
Official resources
- CVE-2024-7960 CVE record (CVE.org)
- CVE-2024-7960 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-09-12