CVE-2024-8533
12.09.2024, 20:15
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.
| Vendor | Product | Version |
|---|---|---|
| rockwellautomation | 2800c_optixpanel_compact_firmware | 4.0.0.325 ≤ 𝑥 < 4.0.2.116 |
| rockwellautomation | 2800s_optixpanel_standard_firmware | 4.0.0.350 ≤ 𝑥 < 4.0.2.123 |
| rockwellautomation | embedded_edge_compute_module_firmware | 4.0.0.347 ≤ 𝑥 < 4.0.2.106 |

𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-269 - Improper Privilege Management: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
- CWE-276 - Incorrect Default Permissions: During installation, installed file permissions are set to allow anyone to modify those files.