OTPulse

Rockwell Automation Pavilion 8

Recommended action: Plan Patch
CVSS: 8.8
ICS-CERT: ICSA-24-198-01
Published: Jul 16, 2024
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Pavilion 8 versions 5.15.00 through 5.20.00 contain an improper access control vulnerability (CWE-732) that allows authenticated users to create new user accounts and access sensitive data beyond their assigned privileges. The vulnerability requires valid user credentials and network access to the Pavilion 8 application. Rockwell Automation has released version 6.0 as a corrected version. No public exploitation has been reported.

What this means
What could happen
An attacker with legitimate user credentials could create unauthorized user accounts and view sensitive data stored in Pavilion 8, potentially compromising access controls and data confidentiality across your automation environment.
Who's at risk
This affects organizations running Rockwell Automation Pavilion 8 (versions 5.15.00 to 5.20.00) as an engineering or production control application. Water utilities, electric utilities, and manufacturing plants using Pavilion 8 for process automation or supervisory functions should prioritize remediation to protect against insider threats or compromised user accounts.
How it could be exploited
An attacker with valid Pavilion 8 user credentials can authenticate to the application and exploit improper access controls to create new administrative accounts and read sensitive information without administrative approval, escalating their privileges within the system.
Prerequisites
  • Valid user credentials for Pavilion 8
  • Network access to Pavilion 8 application server
  • Running Pavilion 8 version 5.15.00 through 5.20.00
  • Requires valid user credentials
  • High CVSS score (8.8)
  • Affects access control and data confidentiality
  • No patch currently available for affected versions
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Pavilion 8 | ≥ 5.15.00 and ≤ 5.20.00 | 6.0 or greater
Remediation & Mitigation
Do now
HARDENING: Implement role-based access control: limit Pavilion 8 user accounts to only those who require access for their job function
WORKAROUND: Review and audit all current Pavilion 8 user accounts and their assigned privileges to identify and remove unnecessary access
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Pavilion 8 to version 6.0 or greater
Long-term hardening
HARDENING: Isolate Pavilion 8 application servers behind a firewall and restrict network access to authorized engineering workstations and administrative systems only
HARDENING: If remote access to Pavilion 8 is required, enforce access through a VPN with multi-factor authentication