CVE-2024-40620

Summary

CVE-2024-40620 IMPACT

A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationPavilion8®5.20affected

Weaknesses

  • CWE-311: CWE-311 Missing Encryption of Sensitive Data

Workarounds

Interactions between the Console and Dashboard take place on the same machine, the machine should exist behind a firewall and physical access should be limited to authorized personnel.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References