Rockwell Automation Verve Asset Manager
Monitor
CVSS 6.8
ICS-CERT ICSA-24-284-17
Oct 10, 2024
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: Required
Summary
Rockwell Automation Verve Asset Manager versions before 1.38 contain a vulnerability (CWE-842) that allows an unauthorized user to retain access to data they previously had access to but should no longer be able to reach. Exploitation requires high-level privileges and user interaction. Rockwell Automation has released version 1.38 with a fix.
What this means
What could happen
An attacker with admin credentials could retain or regain access to sensitive operational data in Verve Asset Manager that should have been revoked, potentially exposing process configuration, equipment settings, or diagnostic information used to plan attacks on production systems.
Who's at risk
Asset management teams and system administrators at water utilities and electric utilities who use Rockwell Automation Verve Asset Manager to manage networked field devices, sensors, and control equipment. Organizations using this software for managing permissions and access to operational technology infrastructure are most impacted.
How it could be exploited
An attacker must first obtain admin-level credentials on Verve Asset Manager. Once authenticated, they can exploit the access control flaw to read data from user accounts that have been revoked or modified, bypassing the intended permission changes. User interaction (such as administrative action) is required to trigger the vulnerability.
Prerequisites
- Admin-level credentials for Verve Asset Manager
- Network access to the Verve Asset Manager interface
- User interaction or administrative action in the application
- Medium severity (CVSS 6.8)
- Requires high-level credentials (high barrier)
- User interaction required
- Affects data confidentiality and integrity
- Low exploit probability (EPSS 0.1%)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product             | Affected Versions | Fix Status
Verve Asset Manager | <1.38             | 1.38 or later
Remediation & Mitigation
Do now
- WORKAROUND: If all mappings must be removed, manually remove previously mapped users as a temporary control
Schedule (requires maintenance window)
- Patching may require device reboot; plan for process interruption
- HOTFIX: Update Verve Asset Manager to version 1.38 or later
Long-term hardening
- HARDENING: Implement network segmentation to restrict access to Verve Asset Manager from untrusted networks
- HARDENING: Use VPN or other secure remote access methods if remote administration of Verve Asset Manager is required
- HARDENING: Enforce strong authentication and access controls for admin accounts with privileges to Verve Asset Manager
CVEs (1)