CVE-2024-9412 | THREATINT

Description

An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.

PUBLISHED Reserved 2024-10-01 | Published 2024-10-08 | Updated 2024-10-08 | Assigner Rockwell

HIGH: 8.4CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-842: Placement of User into Incorrect Group

Product status

Default status

unaffected

All versions < 1.38

affected

References

www.rockwellautomation.com/...visories/advisory.SD 1704.html

cve.org (CVE-2024-9412)

nvd.nist.gov (CVE-2024-9412)

Download JSON