Pavilion8
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14272 | Hig | 0.54 | — | — | Jun 16, 2026 | A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions. | ||
| CVE-2024-7961 | 0.00 | — | 0.01 | Sep 12, 2024 | A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution. | |||
| CVE-2024-7960 | 0.00 | — | 0.00 | Sep 12, 2024 | The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not. | |||
| CVE-2024-40620 | 0.00 | — | 0.00 | Aug 14, 2024 | CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers,… | |||
| CVE-2024-6435 | 0.00 | — | 0.00 | Jul 16, 2024 | A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data,… | |||
| CVE-2023-29463 | 0.00 | — | 0.01 | Sep 12, 2023 | The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session. |
- risk 0.54cvss —epss —
A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions.
- CVE-2024-7961Sep 12, 2024risk 0.00cvss —epss 0.01
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.
- CVE-2024-7960Sep 12, 2024risk 0.00cvss —epss 0.00
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.
- CVE-2024-40620Aug 14, 2024risk 0.00cvss —epss 0.00
CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers,…
- CVE-2024-6435Jul 16, 2024risk 0.00cvss —epss 0.00
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data,…
- CVE-2023-29463Sep 12, 2023risk 0.00cvss —epss 0.01
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session.