Loading

OptixPanel™ Privilege Escalation Vulnerability via File Permissions

Severity:
High
Advisory ID:
SD1694
公開日:
September 10, 2024
最終更新日:
November 13, 2024
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
いいえ
Corrected:
はい
Workaround:
いいえ
CVE IDs
CVE-2024-8533
ダウンロード
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
CVE-2024-8533
概要
OptixPanel™ Privilege Escalation Vulnerability via File Permissions

Published Date: 9/12/2024

Last Updated: 9/12/2024 

Revision Number: 1.0 
CVSS Score: v3.1: 7.5/10, v4.0: 7.7/10

The security of our products is important to us as your chosen industrial automation supplier. This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improving their business or production environments.

AFFECTED PRODUCTS AND SOLUTION

 

 

Affected Product

 

 

 

 

First Known in Software Version

 

 

 

 

Corrected in Software Version

 

 

 

 

2800C OptixPanel™ Compact

 

 

 

 

4.0.0.325

 

 

 

 

4.0.2.116

 

 

 

 

2800S OptixPanel™ Standard

 

 

 

 

4.0.0.350

 

 

 

 

4.0.2.123

 

 

 

 

Embedded Edge Compute Module

 

 

 

 

4.0.0.347

 

 

 

 

4.0.2.106

 

 

 

VULNERABILITY DETAILS

Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.

CVE-2024-8533 IMPACT

A privilege escalation vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.

CVSS 3.1 Base Score: 7.5 
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 4.0 Base Score: 7.7 
CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE: CWE-269: Improper Privilege Management 
Known Exploited Vulnerability (KEV) database: No

Mitigations and Workarounds 
Customers using the affected software are encouraged to apply security best practices

  • For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability.

Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.

ADDITIONAL RESOURCES

  • JSON CVE-2024-8533

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left ロックウェル・オートメーションのホーム Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust & Security Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
を続行するには、クッキーの設定を更新してください.
この機能には、お客様の利便性を向上させるためにクッキーが必要です。これらのクッキーを許可するように設定を更新してください:
  • ソーシャルメディア・クッキー
  • 機能性クッキー
  • パフォーマンスクッキー
  • マーケティングクッキー
  • 全てのクッキー
いつでも設定を更新することができます。詳しくはプライバシーポリシーをご覧ください
CloseClose