Rockwell Automation Pavilion8

Plan PatchCVSS 7.4ICS-CERT ICSA-24-226-04Aug 13, 2024

Rockwell Automation

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Pavilion8 versions 5.20 and later lack encryption for communication between the Console and Dashboard components. This allows an authenticated attacker to intercept and view sensitive data transmitted between these components. The vulnerability is classified as CWE-311 (Missing Encryption of Sensitive Data). Rockwell Automation released version 6.0 to address this issue. As a temporary measure, organizations should restrict physical and network access to affected systems and use firewalls to isolate Pavilion8 from untrusted networks.

What this means

What could happen

An authenticated attacker could intercept and view sensitive data transmitted between the Pavilion8 Console and Dashboard due to lack of encryption, potentially exposing system configuration, control logic, or other operational information.

Who's at risk

Organizations operating Rockwell Automation Pavilion8 v5.20 or later should be concerned. Pavilion8 is typically used for data collection, analytics, and visibility into manufacturing and process equipment. This vulnerability could expose sensitive operational data if the engineering console is accessed by unauthorized users or if network traffic is intercepted.

How it could be exploited

An attacker with valid engineering credentials can authenticate to Pavilion8 and intercept unencrypted communication between the Console and Dashboard on the same machine or across the network. The attacker can then capture and read sensitive data in transit, such as system configuration or process parameters.

Prerequisites

Valid Pavilion8 user credentials (engineering or equivalent account)
Network access to the machine running Pavilion8 Console and Dashboard, or presence on the same local network segment
Ability to capture network traffic (e.g., packet sniffer) if communication spans network
Pavilion8 version 5.20 or later

requires valid credentials to exploitaffects data confidentiality only (low CVSS scope)cross-site impact possible (affects systems beyond Pavilion8)unencrypted data transmission

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

Pavilion8: >=v5.20≥ v5.206.0

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict physical and network access to machines running Pavilion8 Console and Dashboard behind a firewall; limit access to authorized personnel only

WORKAROUNDIf remote access to Pavilion8 is required, use a VPN with current security updates

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Pavilion8 to version 6.0 or later

Long-term hardening

0/1

HARDENINGIsolate Pavilion8 systems from business networks and the internet

CVEs (1)

CVE-2024-40620

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/fa8bf056-4740-48a1-b57d-2cd7c09b8f2b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.