Rockwell Automation Pavilion8
Rockwell Automation Pavilion8 software versions v5.17.00 and v5.17.01 have a vulnerability (CVE-2023-29463) with a CVSS v3 base score of 8.8, which could allow an attacker to retrieve other users' session data. The vulnerability is due to improper authentication in the JMX Console within Pavilion8. Rockwell Automation recommends that customers update to v5.20 or, on v5.17, mitigate the vulnerability by modifying the web.xml file and restarting the Pavilion8 Console Service. CISA advises users to minimize network exposure for control system devices, locate them behind firewalls, and use secure methods such as VPNs for remote access.

CVEs: CVE-2023-29463

[View Article](https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-07)