PatchSiren cyber security CVE debrief

CVE-2024-7961 Rockwell Automation CVE debrief

A path traversal vulnerability in Rockwell Automation Pavilion8 versions prior to V5.20 allows authenticated attackers with high privileges to upload arbitrary files to the server, potentially resulting in remote code execution. CISA disclosed the vulnerability on September 12, 2024, with a CVSS 3.1 score of 7.2 (HIGH). The attack vector is network-based with low attack complexity; it requires high privileges but no user interaction. Rockwell Automation addresses the issue in version V6.0 and later. Organizations unable to upgrade should apply security best practices and consult Rockwell Automation's security advisory page for additional mitigation guidance.

Vendor: Rockwell Automation
Product: Pavilion8
CVSS: 7.2 (HIGH)
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-09-12
Original CVE updated: 2024-09-12
Advisory published: 2024-09-12
Advisory updated: 2024-09-12

Who should care

Organizations operating Rockwell Automation Pavilion8 industrial control systems, particularly those in manufacturing and process industries. System administrators, OT security teams, and asset owners responsible for maintaining Pavilion8 deployments should prioritize patching or implementing compensating controls.

Technical summary

CVE-2024-7961 is a path traversal vulnerability in Rockwell Automation Pavilion8 versions prior to V5.20. The vulnerability allows an authenticated attacker with high privileges to upload arbitrary files to the server through improper path validation. Successful exploitation could lead to remote code execution on the affected system. The vulnerability has a CVSS 3.1 base score of 7.2 (HIGH) with the vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating network attack vector, low complexity, high privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. Rockwell Automation has addressed this in version V6.0 and later.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Pavilion8 to version V6.0 or later per vendor guidance
  • If immediate upgrade is not feasible, apply CISA ICS recommended security best practices
  • Review and restrict administrative access to Pavilion8 systems
  • Monitor for unauthorized file uploads or unexpected file system changes
  • Consult Rockwell Automation security advisories for additional mitigation measures
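The following is an added example, not code from the advisory or from Pavilion8 itself. It illustrates the two defensive points this debrief raises: the containment check that an upload handler needs so that a client-supplied filename cannot escape the upload directory (the improper path validation class named in the technical summary), and a simple detector over upload log lines for the "monitor for unauthorized file uploads" action. The upload root, the log format and the sample log lines are all constructed for the example; Pavilion8's real handler and log layout are not known to this page.

```python
import os
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Hypothetical upload root used for this illustration; a real deployment
# configures this explicitly and keeps it outside any web-served tree.
UPLOAD_ROOT = "/var/app/uploads"


def safe_upload_path(base_dir: str, requested_name: str) -> Optional[str]:
    """Return the absolute destination for an uploaded file, or None when the
    client-supplied name would land outside base_dir.

    This is the containment check that a CWE-22 style upload bug lacks: the
    name is normalised first, then the result is compared against the base
    directory by whole path components, not as a string prefix.
    """
    if not requested_name or "\x00" in requested_name:
        return None
    # Treat backslashes as separators too; Windows hosts and lenient parsers do.
    normalized = requested_name.replace("\\", "/")
    # Only relative names are acceptable; os.path.join discards base_dir
    # entirely when the second argument is absolute.
    if normalized.startswith("/"):
        return None
    base = os.path.abspath(base_dir)
    candidate = os.path.normpath(os.path.join(base, normalized))
    # commonpath compares whole components, so "/var/app/uploads_evil/x" is
    # rejected even though it starts with the base string.
    if os.path.commonpath([base, candidate]) != base:
        return None
    # A name that normalises to the directory itself ("sub/..") is not a file.
    if candidate == base:
        return None
    # If base_dir may contain symlinks, resolve both sides with
    # os.path.realpath before comparing; omitted here so the example runs
    # without touching the filesystem.
    return candidate


# Constructed log format for this example (not Pavilion8's real log layout):
#   <timestamp> user=<name> action=<verb> [file="<name>"] status=<code>
LOG_RE = re.compile(
    r'^\S+ user=(?P<user>\S+) action=upload file="(?P<file>[^"]*)" status=\d+$'
)
# A ".." path component: at the start or after a separator, then a separator or end.
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")


def fully_decode(name: str, rounds: int = 3) -> str:
    """Percent-decode until stable, so double-encoded %252e%252e is caught too."""
    for _ in range(rounds):
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    return name


def flag_suspicious_uploads(log_lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, user, decoded_filename) for upload events whose
    filename contains a traversal component or is absolute."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = LOG_RE.match(line)
        if not match:
            continue  # not an upload event
        name = fully_decode(match.group("file")).replace("\\", "/")
        if name.startswith("/") or TRAVERSAL_RE.search(name):
            findings.append((number, match.group("user"), name))
    return findings


# Constructed sample events; the filenames are illustrative only.
SAMPLE_LOG = [
    '2024-09-12T10:15:02Z user=operator action=upload file="shift_report.csv" status=200',
    '2024-09-12T10:16:40Z user=admin action=upload file="../../config/settings.xml" status=200',
    '2024-09-12T10:17:05Z user=admin action=upload file="%2e%2e%2f%2e%2e%2fconf%2fapp.xml" status=200',
    '2024-09-12T10:18:11Z user=operator action=login status=200',
    '2024-09-12T10:19:30Z user=admin action=upload file="reports\\..\\..\\cfg\\app.ini" status=403',
]

if __name__ == "__main__":
    for name in ["shift_report.csv", "../../config/settings.xml", "sub/../a.txt"]:
        print(f"{name!r:32} -> {safe_upload_path(UPLOAD_ROOT, name)}")
    for number, user, name in flag_suspicious_uploads(SAMPLE_LOG):
        print(f"line {number}: user={user} attempted traversal: {name}")
```

Two design points matter here. The containment test uses `os.path.commonpath` rather than `startswith`, because a prefix test accepts sibling directories whose names merely begin with the upload root. The detector percent-decodes before matching, because a filename that is encoded in the request log would otherwise never contain a literal `..`; note that it flags by filename alone, so a high-privilege account sending such names is a lead to investigate, not a confirmed compromise.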

Evidence notes

CISA ICS Advisory ICSA-24-256-24 published 2024-09-12 identifies path traversal in Pavilion8 <V5.20 with CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. Vendor fix available in V6.0 and later.

Official resources

CISA ICS Advisory ICSA-24-256-24 (published 2024-09-12)