CVE-2024-9412

Oct. 10, 2024, 12:51 p.m.

None
No Score

Description

An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.

Product(s) Impacted

Product Versions
Rockwell Automation
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-842
Placement of User into Incorrect Group
The product or the administrator places a user into an incorrect group.

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201704.html

Tags

PSIRT@rockwellautomation.com
2024-10-08
CVE-2024-9412
CWE-842

Timeline

Published: Oct. 8, 2024, 8:15 p.m.
Last Modified: Oct. 10, 2024, 12:51 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

PSIRT@rockwellautomation.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.