Critical Vulnerabilities in Rockwell Automation Pavilion8

Published on 20 Sep 2024

Rockwell Automation has released security updates to address multiple vulnerabilities (CVE-2024-7960 and CVE-2024-7961) affecting its Pavilion8 product.

The vulnerabilities are:
• CVE-2024-7960: Successful exploitation of the vulnerability could allow an attacker to access sensitive information and modify configuration settings without proper authorization.
• CVE-2024-7961: Successful exploitation of the path traversal vulnerability could allow an attacker to perform remote code execution by uploading arbitrary server files. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

The vulnerabilities affect Pavilion8 versions prior to 5.20.

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here: