The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session.
References
Link | Resource |
---|---|
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590 | Permissions Required |
Configurations
History
15 Sep 2023, 19:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:rockwellautomation:pavilion8:*:*:*:*:*:*:*:* | |
First Time |
Rockwellautomation pavilion8
Rockwellautomation |
|
CWE | CWE-287 | |
References | (MISC) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590 - Permissions Required | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
12 Sep 2023, 19:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-12 17:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-29463
Mitre link : CVE-2023-29463
CVE.ORG link : CVE-2023-29463
JSON object : View
Products Affected
rockwellautomation
- pavilion8
CWE
CWE-287
Improper Authentication