OTPulse

Rockwell Automation Pavilion8

Plan: Patch
Severity: 7.4
Advisory: ICS-CERT ICSA-24-226-04
Published: Aug 13, 2024
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Pavilion8 versions 5.20 and later lack encryption for communication between the Console and Dashboard components. This allows an authenticated attacker to intercept and view sensitive data transmitted between these components. The vulnerability is classified as CWE-311 (Missing Encryption of Sensitive Data). Rockwell Automation released version 6.0 to address this issue. As a temporary measure, organizations should restrict physical and network access to affected systems and use firewalls to isolate Pavilion8 from untrusted networks.

What this means
What could happen
An authenticated attacker could intercept and view sensitive data transmitted between the Pavilion8 Console and Dashboard due to lack of encryption, potentially exposing system configuration, control logic, or other operational information.
Who's at risk
Organizations operating Rockwell Automation Pavilion8 v5.20 or later should be concerned. Pavilion8 is typically used for data collection, analytics, and visibility into manufacturing and process equipment. This vulnerability could expose sensitive operational data if the engineering console is accessed by unauthorized users or if network traffic is intercepted.
How it could be exploited
An attacker with valid engineering credentials can authenticate to Pavilion8 and intercept unencrypted communication between the Console and Dashboard on the same machine or across the network. The attacker can then capture and read sensitive data in transit, such as system configuration or process parameters.
Prerequisites
  • Valid Pavilion8 user credentials (engineering or equivalent account)
  • Network access to the machine running Pavilion8 Console and Dashboard, or presence on the same local network segment
  • Ability to capture network traffic (e.g., packet sniffer) if communication spans network
  • Pavilion8 version 5.20 or later
Tags:
  • requires valid credentials to exploit
  • affects data confidentiality only (low CVSS scope)
  • cross-site impact possible (affects systems beyond Pavilion8)
  • unencrypted data transmission
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product   | Affected Versions | Fix Status
Pavilion8 | ≥ v5.20           | 6.0
Remediation & Mitigation
Do now
HARDENING: Restrict physical and network access to machines running Pavilion8 Console and Dashboard behind a firewall; limit access to authorized personnel only
WORKAROUND: If remote access to Pavilion8 is required, use a VPN with current security updates
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Pavilion8 to version 6.0 or later
Long-term hardening
HARDENING: Isolate Pavilion8 systems from business networks and the internet