CVE-2024-9412

Summary

An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationVerve® Asset ManagerAll versions < 1.38affected

Weaknesses

  • CWE-842: CWE-842: Placement of User into Incorrect Group

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References