OTPulse

Rockwell Automation Pavilion8

Plan Patch · 7.6 · ICS-CERT ICSA-24-256-24 · Sep 12, 2024
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Rockwell Automation Pavilion8 versions prior to 6.0 contain improper access control (CWE-269) and path traversal (CWE-22) vulnerabilities. Successful exploitation allows an attacker to view sensitive information or upload arbitrary files that could result in remote code execution.

What this means
What could happen
An attacker with network access could read sensitive data from your Pavilion8 system or upload malicious files that execute arbitrary code, potentially disrupting production operations or allowing further system compromise.
Who's at risk
Manufacturing and process control organizations using Rockwell Automation Pavilion8 for industrial control, data logging, or process monitoring should assess this risk. Pavilion8 is commonly used in discrete manufacturing, batch processing, and continuous operations where production visibility and automation are critical.
How it could be exploited
An attacker with valid user credentials accesses Pavilion8 over the network and exploits improper access controls to view restricted files, or uses path traversal to upload arbitrary files to the system. The uploaded files could execute with system privileges to compromise the platform.
Prerequisites
  • Valid user credentials for Pavilion8
  • Network access to Pavilion8 interface (port typically 443/HTTPS)
  • Pavilion8 running version prior to 6.0
  • Remotely exploitable over network
  • Requires valid user credentials
  • No authentication bypass reported
  • Path traversal and access control flaws
  • Could lead to remote code execution
Exploitability
Moderate exploit probability (EPSS 2.3%)
Affected products (1)
Product | Affected Versions | Fix Status
Pavilion8 | <V5.20 | 6.0 and later
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Pavilion8 to authorized users only; place Pavilion8 behind firewalls and isolate it from business networks where possible
HARDENING: If remote access to Pavilion8 is required, use a VPN with current security patches
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Pavilion8 to version 6.0 or later
Long-term hardening
HARDENING: Apply security best practices such as strong password policies and the principle of least privilege for user accounts accessing Pavilion8