Vulnerability-Lookup

GHSA-FPFR-6QQP-32GM

Vulnerability from github – Published: 2023-09-12 18:30 – Updated: 2024-04-04 07:37

Details

The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session.

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-29463"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-12T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "\nThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\n\n",
  "id": "GHSA-fpfr-6qqp-32gm",
  "modified": "2024-04-04T07:37:19Z",
  "published": "2023-09-12T18:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29463"
    },
    {
      "type": "WEB",
      "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-29463 (GCVE-0-2023-29463)

Vulnerability from cvelistv5 – Published: 2023-09-12 16:42 – Updated: 2025-02-27 20:54

Title

Pavilion8 Security Misconfiguration Vulnerability

Summary

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication

Assigner

Rockwell

References

URL

Tags

https://rockwellautomation.custhelp.com/app/answe…

Impacted products

	Vendor	Product	Version
	Rockwell Automation	Pavilion8	Affected: <5.20

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:46.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29463",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:51:43.237837Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:54:59.034Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Pavilion8",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c5.20"
            }
          ]
        }
      ],
      "datePublic": "2023-09-12T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users\u2019 session data and or log users out of their session.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-12T16:42:14.868Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140590"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003eRisk Mitigation \u0026amp; User Action\u003c/div\u003e\u003cdiv\u003eCustomers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.\u003cul\u003e\u003cli\u003eUpdate to v5.20\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012\"\u003eQA43240 - Recommended Security Guidelines from Rockwell Automation\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cstrong\u003eIf customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17.\u003c/strong\u003e\u003col\u003e\u003cli\u003eOpen the \u003ccode\u003eweb.xml\u003c/code\u003e\u0026nbsp;file in your Pavilion8\u00ae installation folder set during installation and go to \u003cem\u003eConsole\\container\\webapps\\ROOT\\WEB-INF\u003c/em\u003e, by default this would be under \u003ccode\u003eC:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF\u003c/code\u003e.\u003c/li\u003e\u003cli\u003eSearch for the text \u003ccode\u003ejmx-console-action-handler\u003c/code\u003e\u0026nbsp;and delete the below lines from \u003ccode\u003eweb.xml\u003c/code\u003e\u0026nbsp;file:\u003cbr\u003e\u003cbr\u003e\u003ccode\u003e\u0026nbsp; \u0026lt;servlet\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-name\u0026gt;jmx-console-action-handler\u0026lt;/servlet-name\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-class\u0026gt;com.pav.jboss.jmx.HtmlAdaptorServlet\u0026lt;/servlet-class\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;/servlet\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;servlet-mapping\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;servlet-name\u0026gt;jmx-console-action-handler\u0026lt;/servlet-name\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026lt;url-pattern\u0026gt;/jmx-console/HtmlAdaptor\u0026lt;/url-pattern\u0026gt;\u003cbr\u003e\u0026nbsp; \u0026lt;/servlet-mapping\u0026gt;\u003c/code\u003e\u003cbr\u003e\u0026nbsp;\u003c/li\u003e\u003cli\u003eSave the changes and close the file.\u003c/li\u003e\u003cli\u003eRestart \u003cstrong\u003ePavilion8\u00ae Console Service\u003c/strong\u003e.\u003c/li\u003e\u003cli\u003eLogout and log back into the console and navigate to the URL \u003ccode\u003ehttp:// \u0026lt;FQDN\u0026gt;/jmx-console\u003c/code\u003e\u0026nbsp;to confirm you are getting the error message \u003ccode\u003eHTTP Status 404 \u2013 Not Found\u003c/code\u003e.\u003c/li\u003e\u003c/ol\u003e\u003cblockquote\u003e\u003cp\u003e\u003cu\u003eNote\u003c/u\u003e: \u003ccode\u003e\u0026lt;FQDN\u0026gt;\u003c/code\u003e\u0026nbsp;is your fully qualified domain name used for the Console login.\u003c/p\u003e\u003c/blockquote\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nRisk Mitigation \u0026 User Action\n\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.  *  Update to v5.20\n  *   QA43240 - Recommended Security Guidelines from Rockwell Automation https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012 \n\n\n\nIf customers are unable to update to v5.20, please follow the instructions below to disable the vulnerability in v5.17.  *  Open the web.xml\u00a0file in your Pavilion8\u00ae installation folder set during installation and go to Console\\container\\webapps\\ROOT\\WEB-INF, by default this would be under C:\\Pavilion\\Console\\container\\webapps\\ROOT\\WEB-INF.\n  *  Search for the text jmx-console-action-handler\u00a0and delete the below lines from web.xml\u00a0file:\n\n\u00a0 \u003cservlet\u003e\n\u00a0 \u00a0 \u003cservlet-name\u003ejmx-console-action-handler\u003c/servlet-name\u003e\n\u00a0 \u00a0 \u003cservlet-class\u003ecom.pav.jboss.jmx.HtmlAdaptorServlet\u003c/servlet-class\u003e\n\u00a0 \u003c/servlet\u003e\n\u00a0 \u003cservlet-mapping\u003e\n\u00a0 \u00a0 \u003cservlet-name\u003ejmx-console-action-handler\u003c/servlet-name\u003e\n\u00a0 \u00a0 \u003curl-pattern\u003e/jmx-console/HtmlAdaptor\u003c/url-pattern\u003e\n\u00a0 \u003c/servlet-mapping\u003e\n\u00a0\n  *  Save the changes and close the file.\n  *  Restart Pavilion8\u00ae Console Service.\n  *  Logout and log back into the console and navigate to the URL http:// \u003cFQDN\u003e/jmx-console\u00a0to confirm you are getting the error message HTTP Status 404 \u2013 Not Found.\nNote: \u003cFQDN\u003e\u00a0is your fully qualified domain name used for the Console login.\n\n\n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Pavilion8 Security Misconfiguration Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2023-29463",
    "datePublished": "2023-09-12T16:42:14.868Z",
    "dateReserved": "2023-04-06T18:42:59.008Z",
    "dateUpdated": "2025-02-27T20:54:59.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-FPFR-6QQP-32GM

CVE-2023-29463 (GCVE-0-2023-29463)

Tags

Sightings

Nomenclature