
CVE-2024-6435: CWE-732 Incorrect Permission Assignment for Critical Resource in Rockwell Automation Pavilion8®

Severity: High
Tags: vulnerability, cve-2024-6435, cwe-732
Published: Tue Jul 16 2024 (07/16/2024, 13:00:42 UTC)
Source: CVE
Vendor/Project: Rockwell Automation
Product: Pavilion8®

Description

A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section.

AI-Powered Analysis

Last updated: 06/25/2025, 15:03:47 UTC

Technical Analysis

CVE-2024-6435 is a high-severity privilege escalation vulnerability identified in Rockwell Automation's Pavilion8® software versions 5.15.00 through 5.20.00. The root cause is an incorrect permission assignment (CWE-732) that allows users with basic privileges to access administrative functions that should be restricted. Specifically, a malicious user with limited access rights can exploit this flaw to perform critical actions such as creating new users with elevated privileges and reading sensitive data within the “views” section of the application. This vulnerability does not require user interaction and can be exploited remotely over the network (AV:N), with low attack complexity (AC:L), and no authentication beyond basic user privileges (PR:L). The impact on confidentiality, integrity, and availability is high, as attackers can both exfiltrate sensitive information and manipulate user accounts, potentially leading to full system compromise. Although no known exploits are currently reported in the wild, the vulnerability’s characteristics and high CVSS 4.0 score of 8.7 indicate a significant risk to affected environments. Pavilion8® is an industrial automation software product used primarily for manufacturing operations management, which means exploitation could disrupt industrial processes or lead to unauthorized control over critical infrastructure components. The vulnerability’s presence in multiple recent versions suggests a broad exposure among users who have not yet applied patches or mitigations. No official patches are currently linked, so organizations must prioritize compensating controls and monitoring until updates are available.

Potential Impact

For European organizations, especially those in manufacturing, energy, and critical infrastructure sectors that rely on Rockwell Automation Pavilion8®, this vulnerability poses a substantial risk. Exploitation could lead to unauthorized disclosure of sensitive operational data and unauthorized creation of privileged accounts, enabling attackers to manipulate industrial processes or disrupt production lines. This could result in operational downtime, safety hazards, financial losses, and regulatory compliance issues under frameworks such as NIS2 and GDPR. The ability to escalate privileges without user interaction and remotely increases the likelihood of targeted attacks or insider threats leveraging compromised basic accounts. Given the strategic importance of industrial automation in Europe's economy and critical infrastructure, successful exploitation could have cascading effects on supply chains and national security. The absence of known exploits in the wild currently reduces immediate risk but does not diminish the urgency for mitigation, as threat actors may develop exploits rapidly once details are public.

Mitigation Recommendations

Implement strict network segmentation to isolate Pavilion8® systems from general IT networks and limit access only to trusted administrators and necessary services.
Enforce the principle of least privilege by auditing and minimizing the number of users with basic privileges on Pavilion8® systems, removing unnecessary accounts.
Monitor Pavilion8® user account creation and privilege changes closely using security information and event management (SIEM) tools to detect anomalous activities indicative of exploitation attempts.
Apply application-layer access controls or compensating controls such as multi-factor authentication (MFA) for Pavilion8® user accounts, especially those with elevated privileges, to reduce risk from compromised basic accounts.
Establish strict logging and alerting on access to the “views” section and other sensitive areas within Pavilion8® to detect unauthorized data access.
Coordinate with Rockwell Automation for timely patch deployment once official fixes are released; meanwhile, consider virtual patching or application-layer firewalls to block exploitation attempts.
Conduct regular security awareness training for users with Pavilion8® access to recognize and report suspicious activities.
Perform periodic vulnerability assessments and penetration testing focused on Pavilion8® deployments to identify and remediate potential exploitation paths.
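As an added example (not code from the advisory or from Rockwell Automation), the following detection logic runs over constructed audit-log lines and flags the pattern the monitoring recommendations above describe: a basic-privilege user invoking an administrator-only function, such as creating a user with an elevated role or reading the “views” section. The log format, field names and role/action names are assumptions, since this page does not document Pavilion8®'s real audit format.

```python
# Added example: flag audit events where a non-admin user performs an action
# that should be admin-only (the CVE-2024-6435 privilege-escalation pattern).
# The log format below is constructed for illustration and is NOT Pavilion8's.
import re
from dataclasses import dataclass

LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) action=(?P<action>\S+)"
    r"(?: target=(?P<target>\S+))?(?: new_role=(?P<new_role>\S+))?$"
)

# Assumed names for the functions the advisory says should be admin-only.
ADMIN_ONLY_ACTIONS = {"create_user", "read_views"}
ADMIN_ROLES = {"admin"}


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    reason: str


def parse(line):
    """Return the event fields as a dict, or None for an unparseable line."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def detect(lines):
    """Return one Alert per admin-only action performed by a non-admin role."""
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None or ev["role"] in ADMIN_ROLES:
            continue  # skip garbage and legitimate admin activity
        if ev["action"] in ADMIN_ONLY_ACTIONS:
            reason = f"non-admin performed admin-only action {ev['action']}"
            if ev["action"] == "create_user" and ev["new_role"] in ADMIN_ROLES:
                reason += f" (created {ev['target']} with role {ev['new_role']})"
            alerts.append(Alert(ev["ts"], ev["user"], reason))
    return alerts


# Constructed sample log: one legitimate admin action, then a basic user
# reading views and creating an admin account, plus an unparseable line.
SAMPLE_LOG = """\
2024-07-16T13:00:01Z user=alice role=admin action=create_user target=bob new_role=basic
2024-07-16T13:05:12Z user=bob role=basic action=login
2024-07-16T13:06:44Z user=bob role=basic action=read_views target=views/production
2024-07-16T13:07:03Z user=bob role=basic action=create_user target=mallory new_role=admin
garbage line
""".splitlines()

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a.ts, a.user, a.reason)
```

The same rule can be expressed in a SIEM query once the real field names are known; the point is to key on the actor's role at the time of the action, not on the action alone.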


Technical Details

Data Version: 5.1
Assigner Short Name: Rockwell
Date Reserved: 2024-07-01T21:06:41.384Z
CISA Enriched: true
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 682d983ac4522896dcbed32b

Added to database: 5/21/2025, 9:09:14 AM

Last enriched: 6/25/2025, 3:03:47 PM

Last updated: 8/14/2025, 6:44:29 PM
