PT-2024-28947 · Rockwell Automation · Pavilion8
Published
2024-08-14
·
Updated
2025-01-31
·
CVE-2024-40620
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Rockwell Automation Pavilion8 version 5.20
Description
A vulnerability exists in the affected product due to a lack of encryption of sensitive information. This results in data being sent between the Console and the Dashboard without encryption, potentially impacting the data's confidentiality. The vulnerability can be seen in the logs of proxy servers.
Recommendations
For Rockwell Automation Pavilion8 version 5.20, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pavilion8