Rockwell Automation FactoryTalk Analytics PavilionX
Summary
Rockwell Automation FactoryTalk Analytics PavilionX contains API endpoints that lack proper authorization. Unauthorized actors can use these endpoints to perform privileged operations such as user and role management.
IFF Assessment
The vulnerability allows unauthorized actors to execute privileged operations, which is detrimental to defenders' ability to secure systems.
Severity
The CVSS score of 7.0 indicates a high-severity vulnerability. The "Missing Authorization" flaw allows unauthorized privileged operations, impacting integrity and potentially confidentiality.
Defender Context
This alert highlights a critical vulnerability in OT systems used in manufacturing. Defenders must prioritize patching or mitigating this "Missing Authorization" flaw to prevent unauthorized administrative access and potential disruption of industrial operations. Because this software is deployed worldwide, numerous organizations are at risk.