CVE-2024-12371
Dec. 18, 2024, 8:15 p.m.
Tags
Product(s) Impacted
Rockwell Automation Power Monitor 1000
Description
A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset.
Weaknesses
CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE ID: 306Date
Published: Dec. 18, 2024, 4:15 p.m.
Last Modified: Dec. 18, 2024, 8:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
PSIRT@rockwellautomation.com
References
https://www.rockwellautomation.com/
PSIRT@rockwellautomation.com