PT-2023-5215 · Rockwell Automation · Pavilion8

Published 2023-04-06 · Updated 2023-09-15 · CVE-2023-29463

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Rockwell Automation Pavilion8 (affected versions not specified)

Description

The JMX Console within Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and log users out of their session. The vulnerability is related to insufficient authentication procedures, which could allow a remote attacker to gain unauthorized access to protected information or cause a denial of service.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the JMX Console to minimize the risk of exploitation. Avoid using the JMX Console until the issue is resolved.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2023-05823
CVE-2023-29463

Affected Products

Pavilion8