Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-29463 | 1 Rockwellautomation | 1 Pavilion8 | 2024-11-21 | N/A | 8.8 HIGH |
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session. | |||||
CVE-2024-7960 | 1 Rockwellautomation | 1 Pavilion8 | 2024-09-19 | N/A | 9.1 CRITICAL |
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not. | |||||
CVE-2024-7961 | 1 Rockwellautomation | 1 Pavilion8 | 2024-09-19 | N/A | 9.8 CRITICAL |
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution. |