#VU97246 Improper privilege management


Published: 2024-09-13

Vulnerability identifier: #VU97246

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-8533

CWE-ID: CWE-269

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
2800C OptixPanel Compact
Hardware solutions / Firmware
2800S OptixPanel Standard
Hardware solutions / Firmware
Embedded Edge Compute Module
Hardware solutions / Firmware

Vendor: Rockwell Automation

Description

The vulnerability allows a remote attacker to escalate privileges.

The vulnerability exists due to improper default file permissions. A remote attacker can exfiltrate credentials and escalate privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

2800C OptixPanel Compact: 4.0.0.325

2800S OptixPanel Standard: 4.0.0.350

Embedded Edge Compute Module: 4.0.0.347

External links
http://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1964.html
http://www.cisa.gov/news-events/ics-advisories/icsa-24-256-19

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Improper privilege management in Rockwell Automation OptixPanel