CVE-2024-12371

Vulnerability Description

A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user through the API without any authentication. The Policyholder user is the most privileged user and can perform edit operations, create admin users and perform a factory reset.

Related Weaknesses (CWE)

References

FAQ

What is CVE-2024-12371?

CVE-2024-12371 is a device takeover vulnerability in the Rockwell Automation Power Monitor 1000. It allows configuration of a new Policyholder user through the API without any authentication.

How severe is CVE-2024-12371?

CVSS scoring is not yet available for CVE-2024-12371. Check NVD for updates.

Is there a patch for CVE-2024-12371?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.