CVE-2024-6435— Rockwell Automation Privilege Escalation Vulnerability in Pavilion8®
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-6435
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rockwell Automation Privilege Escalation Vulnerability in Pavilion8®
Source: NVD (National Vulnerability Database)
Vulnerability Description
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键资源的不正确权限授予
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rockwell Automation Pavilion8 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rockwell Automation Pavilion8是美国罗克韦尔(Rockwell Automation)公司的一个模型预测控制台。 Rockwell Automation Pavilion8 存在安全漏洞,该漏洞源于存在权限提升漏洞,导致攻击者可读取敏感数据并创建用户。受影响版本如下:5.15.00版本、5.15.01版本、5.16.00版本、5.17.00版本、5.17.01版本和5.20.00版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Rockwell Automation | Pavilion8® | 5.15.00 | - |
II. Public POCs for CVE-2024-6435
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-6435
请登录查看更多情报信息。
Same Patch Batch · Rockwell Automation · 2024-07-16 · 4 CVEs total
| CVE-2024-6325 | Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services | |
| CVE-2024-6326 | Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services | |
| CVE-2024-6089 | Rockwell Automation Major nonrecoverable fault in 5015 – AENFTXT |
IV. Related Vulnerabilities
Same vendor: Rockwell Automation
- CVE-2025-9283
ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities - CVE-2025-9282
ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities - CVE-2025-9281
ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities - CVE-2025-9280
ArmorStart® LT - Multiple Denial-of-Service Vulnerabilities - CVE-2025-14027
Rockwell Automation Recommends Upgrading From 1756-RM2 XT To
Same weakness: CWE-732
- CVE-2026-41288
WatchGuard Agent on Windows Privilege Escalation Vulnerabili - CVE-2026-41686
Claude SDK for TypeScript has Insecure Default File Permissi - CVE-2026-6499
ILM Informatique OpenConcerto 安全漏洞 - CVE-2026-41366
OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLo - CVE-2026-35367
uutils coreutils nohup Information Disclosure via Insecure D
V. Comments for CVE-2024-6435
No comments yet