Vulnerability-Lookup

CNVD-2023-79689

Vulnerability from cnvd - Published: 2023-10-24

Title

Rockwell Automation Pavilion8授权问题漏洞

Description

Rockwell Automation Pavilion8是美国罗克韦尔（Rockwell Automation）公司的一个模型预测控制台。 Rockwell Automation Pavilion8存在授权问题漏洞，该漏洞源于JMX Console向用户公开，且不需要身份验证。攻击者可利用该漏洞检索其他用户的会话数或将用户从其会话中注销。

Severity

高

Patch Name

Rockwell Automation Pavilion8授权问题漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-29463

Impacted products

Name
Rockwell Automation Pavilion8 <5.20

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-29463",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-29463"
    }
  },
  "description": "Rockwell Automation Pavilion8\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u6a21\u578b\u9884\u6d4b\u63a7\u5236\u53f0\u3002\n\nRockwell Automation Pavilion8\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eJMX Console\u5411\u7528\u6237\u516c\u5f00\uff0c\u4e14\u4e0d\u9700\u8981\u8eab\u4efd\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u68c0\u7d22\u5176\u4ed6\u7528\u6237\u7684\u4f1a\u8bdd\u6570\u6216\u5c06\u7528\u6237\u4ece\u5176\u4f1a\u8bdd\u4e2d\u6ce8\u9500\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-79689",
  "openTime": "2023-10-24",
  "patchDescription": "Rockwell Automation Pavilion8\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u6a21\u578b\u9884\u6d4b\u63a7\u5236\u53f0\u3002\r\n\r\nRockwell Automation Pavilion8\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eJMX Console\u5411\u7528\u6237\u516c\u5f00\uff0c\u4e14\u4e0d\u9700\u8981\u8eab\u4efd\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u68c0\u7d22\u5176\u4ed6\u7528\u6237\u7684\u4f1a\u8bdd\u6570\u6216\u5c06\u7528\u6237\u4ece\u5176\u4f1a\u8bdd\u4e2d\u6ce8\u9500\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rockwell Automation Pavilion8\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Rockwell Automation Pavilion8 \u003c5.20"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-29463",
  "serverity": "\u9ad8",
  "submitTime": "2023-09-21",
  "title": "Rockwell Automation Pavilion8\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2023-29463 (GCVE-0-2023-29463)

Vulnerability from cvelistv5 – Published: 2023-09-12 16:42 – Updated: 2025-02-27 20:54

Title

Pavilion8 Security Misconfiguration Vulnerability

Summary

The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication

Assigner

Rockwell

References

URL

Tags

https://rockwellautomation.custhelp.com/app/answe…

Impacted products

	Vendor	Product	Version
	Rockwell Automation	Pavilion8	Affected: <5.20

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:46.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29463",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:51:43.237837Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:54:59.034Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Pavilion8",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c5.20"
            }
          ]
        }
      ],
      "datePublic": "2023-09-12T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-12T16:42:14.868Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003eRisk Mitigation \u0026amp; User Action\u003c/div\u003e\u003cdiv\u003eCustomers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.\u003cul\u003e\u003cli\u003eUpdate to v5.20\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012\"\u003eQA43240 - Recommended Security Guidelines from Rockwell Automation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cstrong\u003eIf customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17.\u003c/strong\u003e\u003col\u003e\u003cli\u003eOpen the \u003ccode\u003eweb.xml\u003c/code\u003e\u0026nbsp;file in your Pavilion8\u00ae installation folder set during installation and go to \u003cem\u003eConsole\\container\\webapps\\ROOT\\WEB-INF\u003c/em\u003e, by default this would be under \u003ccode\u003eC:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF\u003c/code\u003e.\u003c/li\u003e\u003cli\u003eSearch for the text \u003ccode\u003ejmx-console-action-handler\u003c/code\u003e\u0026nbsp;and delete the below lines from \u003ccode\u003eweb.xml\u003c/code\u003e\u0026nbsp;file:\u003cbr\u003e\u003cbr\u003e\u003ccode\u003e\u0026nbsp; \u0026lt;servlet\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-name\u0026gt;jmx-console-action-handler\u0026lt;/servlet-name\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-class\u0026gt;com.pav.jboss.jmx.HtmlAdaptorServlet\u0026lt;/servlet-class\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;/servlet\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;servlet-mapping\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-name\u0026gt;jmx-console-action-handler\u0026lt;/servlet-name\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;url-pattern\u0026gt;/jmx-console/HtmlAdaptor\u0026lt;/url-pattern\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;/servlet-mapping\u0026gt;\u003c/code\u003e\u003cbr\u003e\u0026nbsp;\u003c/li\u003e\u003cli\u003eSave the changes and close the file.\u003c/li\u003e\u003cli\u003eRestart \u003cstrong\u003ePavilion8\u00ae Console Service\u003c/strong\u003e.\u003c/li\u003e\u003cli\u003eLogout and log back into the console and navigate to the URL \u003ccode\u003ehttp:// \u0026lt;FQDN\u0026gt;/jmx-console\u003c/code\u003e\u0026nbsp;to confirm you are getting the error message \u003ccode\u003eHTTP Status 404 \u2013 Not Found\u003c/code\u003e.\u003c/li\u003e\u003c/ol\u003e\u003cblockquote\u003e\u003cp\u003e\u003cu\u003eNote\u003c/u\u003e: \u003ccode\u003e\u0026lt;FQDN\u0026gt;\u003c/code\u003e\u0026nbsp;is your fully qualified domain name used for the Console login.\u003c/p\u003e\u003c/blockquote\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nRisk Mitigation \u0026 User Action\n\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.  *  Update to v5.20\n  *   QA43240 - Recommended Security Guidelines from Rockwell Automation https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012 \n\n\n\nIf customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17.  *  Open the web.xml\u00a0file in your Pavilion8\u00ae installation folder set during installation and go to Console\\container\\webapps\\ROOT\\WEB-INF, by default this would be under C:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF.\n  *  Search for the text jmx-console-action-handler\u00a0and delete the below lines from web.xml\u00a0file:\n\n\u00a0 \u003cservlet\u003e\n\u00a0 \u00a0 \u003cservlet-name\u003ejmx-console-action-handler\u003c/servlet-name\u003e\n\u00a0 \u00a0 \u003cservlet-class\u003ecom.pav.jboss.jmx.HtmlAdaptorServlet\u003c/servlet-class\u003e\n\u00a0 \u003c/servlet\u003e\n\u00a0 \u003cservlet-mapping\u003e\n\u00a0 \u00a0 \u003cservlet-name\u003ejmx-console-action-handler\u003c/servlet-name\u003e\n\u00a0 \u00a0 \u003curl-pattern\u003e/jmx-console/HtmlAdaptor\u003c/url-pattern\u003e\n\u00a0 \u003c/servlet-mapping\u003e\n\u00a0\n  *  Save the changes and close the file.\n  *  Restart Pavilion8\u00ae Console Service.\n  *  Logout and log back into the console and navigate to the URL http:// \u003cFQDN\u003e/jmx-console\u00a0to confirm you are getting the error message HTTP Status 404 \u2013 Not Found.\nNote: \u003cFQDN\u003e\u00a0is your fully qualified domain name used for the Console login.\n\n\n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Pavilion8 Security Misconfiguration Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2023-29463",
    "datePublished": "2023-09-12T16:42:14.868Z",
    "dateReserved": "2023-04-06T18:42:59.008Z",
    "dateUpdated": "2025-02-27T20:54:59.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2023-79689

CVE-2023-29463 (GCVE-0-2023-29463)

Tags

Sightings

Nomenclature