Rockwell Automation Pavilion8
Plan Patch · CVSS 7.6 · ICS-CERT ICSA-24-256-24 · Sep 12, 2024
Rockwell Automation
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Rockwell Automation Pavilion8 versions prior to 6.0 contain vulnerabilities in file handling and access control (CWE-269: improper privilege management, CWE-22: path traversal). An authenticated attacker can bypass authorization checks to view sensitive information or upload arbitrary files that could be executed on the server, potentially enabling remote code execution. The vulnerabilities affect Pavilion8 versions below 5.20.
What this means
What could happen
An attacker with login credentials could view sensitive information stored in Pavilion8 or upload malicious files that could lead to remote code execution on the application server, potentially disrupting operations or enabling further compromise of the control system network.
Who's at risk
Organizations using Rockwell Automation Pavilion8 version 5.20 or earlier should prioritize this update. Pavilion8 is commonly used for industrial control system monitoring and management in manufacturing plants, water utilities, and power systems.
How it could be exploited
An attacker who has obtained valid user credentials (through phishing, credential reuse, or other means) can log into the Pavilion8 web interface and exploit improper input validation or authorization checks to view files outside their intended scope or upload arbitrary files to locations where they can be executed by the application server.
Prerequisites
- Valid Pavilion8 user account credentials
- Network access to Pavilion8 web interface (typically port 80/443)
- User account must have upload or file access permissions
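As an added illustration of the two behaviours described above (not part of the original advisory and not a Rockwell tool): a small detector that scans web-server access logs for traversal sequences in request paths and for uploads of executable file types, attributing each hit to the authenticated user. The log lines, hosts, URL paths and the list of executable extensions are constructed assumptions; the advisory does not name Pavilion8's real endpoints.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache/nginx combined-log format. Hosts, user
# names and URL paths are placeholders, not real Pavilion8 endpoints.
SAMPLE_LOG = """\
10.0.5.12 - operator1 [12/Sep/2024:10:01:07 +0000] "GET /app/reports/view?file=daily.pdf HTTP/1.1" 200 5120
10.0.5.12 - operator1 [12/Sep/2024:10:02:19 +0000] "GET /app/reports/view?file=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 1893
10.0.5.40 - contractor [12/Sep/2024:10:05:44 +0000] "POST /app/upload?name=update.jsp HTTP/1.1" 201 44
10.0.5.77 - engineer2 [12/Sep/2024:10:07:30 +0000] "POST /app/upload?name=trend.csv HTTP/1.1" 201 44
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')  # ../ or ..\ once the path is decoded
# Extensions an application server might execute; an assumed list, tune it per deployment.
EXEC_EXT_RE = re.compile(r'\.(jsp|jspx|war|jar|aspx|php|sh|exe)(?![\w.])', re.I)
UPLOAD_METHODS = {"POST", "PUT"}


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded traversal (%252e) is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyze(log_text: str) -> list[dict]:
    """Return one finding per suspicious request, tagged with the logged-in user."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not well-formed log records
        path = decode_fully(m["path"])
        kind = None
        if TRAVERSAL_RE.search(path):
            kind = "traversal"
        elif m["method"] in UPLOAD_METHODS and EXEC_EXT_RE.search(path):
            kind = "exec_upload"
        if kind:
            findings.append({"kind": kind, "user": m["user"], "ip": m["ip"],
                             "status": int(m["status"]), "path": path})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['kind']:12} user={f['user']} ip={f['ip']} status={f['status']} {f['path']}")
```

A 2xx status on a flagged request means the server accepted it, which is the case to investigate first; a 4xx still tells you which account is probing.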
remotely exploitable · requires authentication · file upload leading to code execution · medium CVSS (7.6)
Exploitability
Some exploitation risk — EPSS score 2.9%
Affected products (1)
Product: Pavilion8
Affected Versions: <V5.20
Fix Status: 6.0+
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Pavilion8 to authorized personnel only; do not expose it to the internet
HARDENING: Implement firewall rules to limit access to Pavilion8 to specific trusted IP addresses or subnets
HARDENING: Review and enforce strong password policies for all Pavilion8 user accounts
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Pavilion8 to version 6.0 or later
Long-term hardening
HARDENING: Segment Pavilion8 from business networks if it connects to OT systems; use a VPN or jump server for remote access
CVEs (2)