PT-2024-9677 · Rockwell Automation · Rockwell Automation Power Monitor 1000
Vera Mens · Published 2024-12-16 · Updated 2025-09-04 · CVE-2024-12371
CVSS v4.0: 9.3 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Rockwell Automation Power Monitor 1000 (affected versions not specified)
Description
A device takeover issue exists, allowing the configuration of a new Policyholder user without authentication via the API. The Policyholder user has the most privileges, enabling edit operations, creation of admin users, and factory resets. This can be exploited by sending a specially crafted API request to create a Policyholder user, potentially giving an attacker full access to the device.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness: Missing Authentication
Related Identifiers
Affected Products
Rockwell Automation Power Monitor 1000