PatchSiren cyber security CVE debrief
CVE-2024-9412 Rockwell Automation CVE debrief
An improper authorization vulnerability in Rockwell Automation Verve Asset Manager versions prior to 1.38 could allow users whose access had been revoked to sign in and view data they are no longer authorized to see. The vulnerability occurs when all role mappings are removed, typically through accidental or unexpected administrator action, which leaves the product without an enforced access-control configuration. Rockwell Automation considers this configuration state unlikely, but when it occurs, previously authorized users regain access to the data their former roles covered. Rockwell Automation has patched this issue in version 1.38.
- Vendor
- Rockwell Automation
- Product
- Verve Asset Manager
- CVSS
- MEDIUM 6.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-10-10
- Original CVE updated
- 2024-10-10
- Advisory published
- 2024-10-10
- Advisory updated
- 2024-10-10
Who should care
Organizations operating Rockwell Automation Verve Asset Manager in industrial control system environments, particularly those with multiple administrators managing role configurations. Security teams responsible for access control policies and OT/ICS security posture should prioritize this patch to prevent unauthorized data access in scenarios where role mappings may be accidentally cleared.
Technical summary
The vulnerability stems from improper authorization handling when all role mappings are removed from Verve Asset Manager. In that state the product fails open: instead of denying everyone because no role is mapped to anyone, it stops enforcing access controls, and users who were authorized before the mappings were cleared can still sign in and read data their former roles covered. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H) scores 6.8: network attack vector, low complexity, high privileges required, user interaction required, unchanged scope, and high impact to confidentiality, integrity, and availability. The high-privilege and user-interaction components are consistent with the precondition: an administrator must first remove every role mapping, an unlikely but possible accidental configuration, after which no further attacker action beyond signing in is needed.
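To make the fail-open behaviour concrete, here is an added Python illustration of the bug class the summary describes, together with the fail-closed form and an administrative guard that mirrors the advisory's workaround. It is not Verve Asset Manager code: the data model (identity-provider group mapped to a product role), the session cache, the role names and every function name are assumptions made for the example.

```python
"""Fail-open vs fail-closed authorization when the role-mapping table is empty.

Added illustration of the bug class described above; it is not Verve Asset
Manager code. The data model (identity-provider group -> product role), the
session cache and every name below are assumptions made for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Tuple

# Constructed role names; the product's real role set is not assumed.
VALID_ROLES = frozenset({"viewer", "admin"})


@dataclass
class RoleMappingStore:
    """Maps an external group name to a product role (assumed shape)."""
    mappings: Dict[str, str] = field(default_factory=dict)

    def resolve(self, groups: FrozenSet[str]) -> Optional[str]:
        """Return the role mapped to any of the user's groups, or None."""
        for group in sorted(groups):
            role = self.mappings.get(group)
            if role in VALID_ROLES:
                return role
        return None

    def remove_mapping(self, group: str, users_revoked: bool = False) -> bool:
        """Administrative guard matching the advisory's workaround: refuse to
        delete the last mapping unless the previously mapped users were
        removed first. Returns True when the mapping was deleted."""
        if group not in self.mappings:
            return False
        if len(self.mappings) == 1 and not users_revoked:
            return False  # would leave an empty table: keep at least one
        del self.mappings[group]
        return True


@dataclass
class Session:
    user: str
    groups: FrozenSet[str]
    cached_role: Optional[str]  # role computed at sign-in time


def authorize_vulnerable(store: RoleMappingStore, session: Session) -> bool:
    """Fail-open: when no mappings are configured the lookup is skipped and
    the role cached at sign-in is trusted, so anyone mapped before the table
    was emptied keeps access. This is the pattern the advisory describes."""
    if not store.mappings:
        return session.cached_role in VALID_ROLES
    return store.resolve(session.groups) in VALID_ROLES


def authorize_fixed(store: RoleMappingStore, session: Session) -> bool:
    """Fail-closed: recompute from the current mappings on every request;
    an empty table maps nobody to a role, so everyone is denied."""
    return store.resolve(session.groups) in VALID_ROLES


def demo() -> Tuple[Tuple[bool, bool], Tuple[bool, bool], bool]:
    """Sign alice in, empty the table by accident, re-check both authorizers,
    then show the guard refusing to empty a table without user revocation."""
    store = RoleMappingStore({"ot-engineers": "viewer"})
    alice = Session("alice", frozenset({"ot-engineers"}),
                    cached_role=store.resolve(frozenset({"ot-engineers"})))
    before = (authorize_vulnerable(store, alice), authorize_fixed(store, alice))
    store.mappings.clear()  # the accidental administrator action
    after = (authorize_vulnerable(store, alice), authorize_fixed(store, alice))
    guarded = RoleMappingStore({"ot-engineers": "viewer"})
    refused = guarded.remove_mapping("ot-engineers")  # last mapping: refused
    return before, after, refused


if __name__ == "__main__":
    print(demo())
```

Before the table is cleared both authorizers admit alice; afterwards only the fail-open version still does, which is exactly the "previously authorized users retain access" outcome. The guard shows the shape of the mitigation: an operation that would empty the table is rejected unless the mapped users have already been removed.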
Defensive priority
medium
Recommended defensive actions
- Upgrade Rockwell Automation Verve Asset Manager to version 1.38 or later to address the improper authorization vulnerability.
- Keep at least one role mapping configured at all times; never remove all role mappings in a single change, and treat a change that would empty the mapping table as one requiring review.
- If all role mappings must be removed before the upgrade can be applied, first remove the previously mapped user accounts; Rockwell Automation lists this as the workaround, since it is those users who would otherwise retain access.
- Review and implement Rockwell Automation security best practices for industrial control systems.
- Audit administrative changes to role mappings, and treat any sign-in that occurs while no role mappings are configured as anomalous; monitor access logs for such events and for other unauthorized access attempts.
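As an added example of the monitoring advice in the list above, the following Python script replays an audit log and flags the moment the mapping table becomes empty, every sign-in that happens while it stays empty, and sign-ins by users with no mapped group. It is not Verve Asset Manager code: the JSON event schema, the event names and the sample log lines are constructed for this example and are not the product's real log format.

```python
"""Replay an audit log to catch the empty-role-mapping state and sign-ins
that occurred while it persisted.

Added example for the monitoring advice above; not Verve Asset Manager code.
The JSON event schema and the sample lines are constructed for this example
and are not the product's real log format.
"""
import json
from typing import List, Tuple

# Constructed sample log: one mapping is added, alice and bob sign in, an
# admin removes the only mapping, alice signs in again, the mapping is
# restored and alice signs in once more.
SAMPLE_LOG = """\
{"ts": "2024-10-10T08:00:00Z", "event": "role_mapping_added", "actor": "admin1", "group": "ot-engineers", "role": "viewer"}
{"ts": "2024-10-10T08:05:00Z", "event": "sign_in", "user": "alice", "groups": ["ot-engineers"]}
{"ts": "2024-10-10T08:06:00Z", "event": "sign_in", "user": "bob", "groups": ["contractors"]}
{"ts": "2024-10-10T09:00:00Z", "event": "role_mapping_removed", "actor": "admin2", "group": "ot-engineers"}
{"ts": "2024-10-10T09:01:00Z", "event": "sign_in", "user": "alice", "groups": ["ot-engineers"]}
{"ts": "2024-10-10T09:30:00Z", "event": "role_mapping_added", "actor": "admin1", "group": "ot-engineers", "role": "viewer"}
{"ts": "2024-10-10T09:35:00Z", "event": "sign_in", "user": "alice", "groups": ["ot-engineers"]}
"""

Finding = Tuple[str, str, str]  # (timestamp, finding type, subject)


def audit(log_text: str) -> List[Finding]:
    """Walk the log in order, tracking which groups currently have a mapping.
    Flags: the moment the table becomes empty (and who emptied it), every
    sign-in while it is empty, and sign-ins by users with no mapped group."""
    mapped_groups = set()
    findings: List[Finding] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        kind = ev["event"]
        if kind == "role_mapping_added":
            mapped_groups.add(ev["group"])
        elif kind == "role_mapping_removed":
            mapped_groups.discard(ev["group"])
            if not mapped_groups:
                findings.append((ev["ts"], "all_role_mappings_removed", ev["actor"]))
        elif kind == "sign_in":
            if not mapped_groups:
                findings.append((ev["ts"], "sign_in_with_no_role_mappings", ev["user"]))
            elif not any(g in mapped_groups for g in ev["groups"]):
                findings.append((ev["ts"], "sign_in_without_mapped_group", ev["user"]))
    return findings


if __name__ == "__main__":
    for ts, kind, who in audit(SAMPLE_LOG):
        print(f"{ts} {kind} {who}")
```

On the sample log this reports bob's sign-in without a mapped group at 08:06, admin2 emptying the table at 09:00, and alice's sign-in at 09:01 while no mappings existed; the sign-in at 09:35, after the mapping was restored, is not flagged. The state tracking is what matters: a sign-in is only anomalous relative to the mapping configuration in force at that instant, so the log must be replayed in order rather than grepped for individual events.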
Evidence notes
CISA CSAF advisory ICSA-24-284-17 published 2024-10-10 confirms affected product versions (<1.38), CVSS 3.1 score of 6.8 (MEDIUM), and remediation in version 1.38. The advisory describes the vulnerability mechanism involving removal of all role mappings and provides workarounds.
Official resources
- CVE-2024-9412 CVE record (CVE.org)
- CVE-2024-9412 NVD detail (NVD)
- Source item (cisa_csaf): CISA CSAF advisory ICSA-24-284-17
2024-10-10