Vulnerabilities (CVE)

Filtered by vendor Rockwellautomation Subscribe
Filtered by product Pavilion8
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-29463 1 Rockwellautomation 1 Pavilion8 2024-11-21 N/A 8.8 HIGH
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session.
CVE-2024-7960 1 Rockwellautomation 1 Pavilion8 2024-09-19 N/A 9.1 CRITICAL
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.
CVE-2024-7961 1 Rockwellautomation 1 Pavilion8 2024-09-19 N/A 9.8 CRITICAL
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.