ID

VAR-202408-1532


CVE

CVE-2024-40620


TITLE

Rockwell Automation Pavilion8 has an unspecified vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-36822

DESCRIPTION

A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality. Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation of the United States. There is a security vulnerability in Rockwell Automation Pavilion8 version 5.20.

Trust: 1.44

sources: NVD: CVE-2024-40620 // CNVD: CNVD-2024-36822

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-36822

AFFECTED PRODUCTS

vendor: rockwellautomation, model: pavilion8, scope: eq, version: 5.20.00

Trust: 1.0

vendor: rockwell, model: automation pavilion8, scope: eq, version: 5.20

Trust: 0.6

sources: CNVD: CNVD-2024-36822 // NVD: CVE-2024-40620

CVSS

SEVERITY

nvd@nist.gov: CVE-2024-40620
value: HIGH

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2024-40620
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-36822
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-36822
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2024-40620
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-36822 // NVD: CVE-2024-40620 // NVD: CVE-2024-40620

PROBLEMTYPE DATA

problemtype: CWE-311

Trust: 1.0

sources: NVD: CVE-2024-40620

PATCH

title: Patch for Rockwell Automation Pavilion8 has an unspecified vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/585351

Trust: 0.6

sources: CNVD: CNVD-2024-36822

EXTERNAL IDS

db: NVD, id: CVE-2024-40620

Trust: 1.6

db: CNVD, id: CNVD-2024-36822

Trust: 0.6

sources: CNVD: CNVD-2024-36822 // NVD: CVE-2024-40620

REFERENCES

url: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd%201691.html

Trust: 1.0

url: https://cxsecurity.com/cveshow/cve-2024-40620/

Trust: 0.6

sources: CNVD: CNVD-2024-36822 // NVD: CVE-2024-40620

SOURCES

db: CNVD, id: CNVD-2024-36822
db: NVD, id: CVE-2024-40620

LAST UPDATE DATE

2025-01-31T23:18:06.566000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-36822, date: 2024-08-29T00:00:00
db: NVD, id: CVE-2024-40620, date: 2025-01-31T15:03:56.407

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-36822, date: 2024-08-29T00:00:00
db: NVD, id: CVE-2024-40620, date: 2024-08-14T20:15:12.410