CVE-2024-40620

Rockwell Automation Pavilion8® Unencrypted Data Vulnerability via HTTP protocol

Description

CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality.

Remediation

Solution:

  • Upgrade to v6.0

Workaround:

  • Interactions between the Console and Dashboard take place on the same machine, the machine should exist behind a firewall and physical access should be limited to authorized personnel.

Category

5.3
CVSS
Severity: Medium
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.03%
Vendor Advisory rockwellautomation.com
Affected: Rockwell Automation Pavilion8®
Published at:
Updated at:

References

Link Tags
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201691.html vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-40620?
CVE-2024-40620 has been scored as a medium severity vulnerability.
How to fix CVE-2024-40620?
To fix CVE-2024-40620: Upgrade to v6.0
Is CVE-2024-40620 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-40620 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-40620?
CVE-2024-40620 affects Rockwell Automation Pavilion8®.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.