Vulnerabilities

CVE-2024-12371

by Fred · 18/12/2024

A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset.

More information : https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html

Attack vector :
Attack complexity :
Privileges required :
User interaction :
Confidentiality impact :
Integrity impact :
Base score :
Base severity :
Exploitability score :
Impact score :

Similar

Tags: Cybersecurity Alert