PT-2024-8121 · Rockwell Automation · Verve Asset Manager

Published: 2024-10-04 · Updated: 2024-10-10 · CVE-2024-9412

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Rockwell Automation products (affected versions not specified); Verve Asset Manager versions prior to v1.38

Description: An improper authorization issue exists in the affected products, potentially allowing an unauthorized user to sign in and access data they should no longer have access to. This could occur due to unexpected or accidental removal of role mappings by the administrator. The vulnerability may also enable an attacker to manipulate user groups, potentially leading to unauthorized access.

Recommendations: For Verve Asset Manager versions prior to v1.38, upgrade to version v1.38 or later. For other affected Rockwell Automation products, there is currently no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2024-09653
CVE-2024-9412

Affected Products

Rockwell Automation Products
Verve Asset Manager