Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for FactoryTalk ThinManager by Rockwell Automation

    CVE-2024-10387 (GCVE-0-2024-10387)

    Vulnerability from nvd – Published: 2024-10-25 17:04 – Updated: 2024-10-25 20:14
    VLAI
    Title
    Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability
    Summary
    CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation FactoryTalk ThinManager Affected: 11.2.0-11.2.9
    Affected: 12.0.0-12.0.7
    Affected: 12.1.0-12.1.8
    Affected: 13.0.0-13.0.5
    Affected: 13.1.0-13.1.3
    Affected: 13.2.0-13.2.2
    Affected: 14.0.0
    Create a notification for this product.
    rockwellautomation thinmanager Affected: 11.2.0 , ≤ 11.2.9 (custom)
    Affected: 12.0.0 , ≤ 12.0.7 (custom)
    Affected: 12.1.0 , ≤ 12.1.8 (custom)
    Affected: 13.0.0 , ≤ 13.0.5 (custom)
    Affected: 13.1.0 , ≤ 13.1.3 (custom)
    Affected: 13.2.0 , ≤ 13.2.2 (custom)
    Affected: 14.0.0
        cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-25 17:00
    Credits
    Tenable Network Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "thinmanager",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThanOrEqual": "11.2.9",
                    "status": "affected",
                    "version": "11.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "12.0.7",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "12.1.8",
                    "status": "affected",
                    "version": "12.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "13.0.5",
                    "status": "affected",
                    "version": "13.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "13.1.3",
                    "status": "affected",
                    "version": "13.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "13.2.2",
                    "status": "affected",
                    "version": "13.2.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "14.0.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T20:10:20.475990Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T20:14:03.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk ThinManager",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0-11.2.9"
                },
                {
                  "status": "affected",
                  "version": "12.0.0-12.0.7"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.8"
                },
                {
                  "status": "affected",
                  "version": "13.0.0-13.0.5"
                },
                {
                  "status": "affected",
                  "version": "13.1.0-13.1.3"
                },
                {
                  "status": "affected",
                  "version": "13.2.0-13.2.2"
                },
                {
                  "status": "affected",
                  "version": "14.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Tenable Network Security"
            }
          ],
          "datePublic": "2024-10-25T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cb\u003e\u003cu\u003eCVE-2024-10387 IMPACT\u003c/u\u003e\u003c/b\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e\n\n\u003cp\u003eA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service.\u003c/p\u003e"
                }
              ],
              "value": "CVE-2024-10387 IMPACT\n\n\n\nA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-25T17:04:36.334Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: var(--wht);\"\u003eIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003e11.2.10\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.0.8\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.1.9\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e13.0.6 \u003c/p\u003e\n\n\n\n\u003cp\u003e13.1.4 \u003c/p\u003e\n\n\n\n\u003cp\u003e13.2.3 \u003c/p\u003e\n\n\n\n\u003cp\u003e14.0.1\u003c/p\u003e\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "If able,\nnavigate to the  ThinManager\u00ae download site https://thinmanager.com/downloads/  and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n11.2.10\n\n\n\n\n\n12.0.8\n\n\n\n\n\n12.1.9\n\n\n\n\n\n13.0.6 \n\n\n\n\n\n13.1.4 \n\n\n\n\n\n13.2.3 \n\n\n\n\n\n14.0.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\u003c/p\u003e\u003cp\u003eImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\u003c/p\u003e\n\n\n\n\u003cp\u003eFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best\npractices\u003c/a\u003e to\nminimize the risk of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "If able,\nnavigate to the  ThinManager\u00ae download site https://thinmanager.com/downloads/  and upgrade to a corrected version of ThinManager\u00ae\n\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\n\n\n\n\n\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested security best\npractices to\nminimize the risk of the vulnerability."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-10387",
        "datePublished": "2024-10-25T17:04:36.334Z",
        "dateReserved": "2024-10-25T12:38:30.428Z",
        "dateUpdated": "2024-10-25T20:14:03.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10386 (GCVE-0-2024-10386)

    Vulnerability from nvd – Published: 2024-10-25 17:04 – Updated: 2024-10-25 20:17
    VLAI
    Title
    Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability
    Summary
    CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation FactoryTalk ThinManager Affected: 11.2.0-11.2.9
    Affected: 12.0.0-12.0.7
    Affected: 12.1.0-12.1.8
    Affected: 13.0.0-13.0.5
    Affected: 13.1.0-13.1.3
    Affected: 13.2.0-13.2.2
    Affected: 14.0.0
    Create a notification for this product.
    rockwellautomation thinmanager Affected: 11.2.0 , ≤ 11.2.9 (custom)
    Affected: 12.0.0 , ≤ 12.0.7 (custom)
    Affected: 12.1.0 , ≤ 12.1.8 (custom)
    Affected: 13.0.0 , ≤ 13.0.5 (custom)
    Affected: 13.1.0 , ≤ 13.1.3 (custom)
    Affected: 13.2.0 , ≤ 13.2.2 (custom)
    Affected: 14.0.0
        cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-25 17:00
    Credits
    Tenable Network Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "thinmanager",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThanOrEqual": "11.2.9",
                    "status": "affected",
                    "version": "11.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "12.0.7",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "12.1.8",
                    "status": "affected",
                    "version": "12.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "13.0.5",
                    "status": "affected",
                    "version": "13.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "13.1.3",
                    "status": "affected",
                    "version": "13.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "13.2.2",
                    "status": "affected",
                    "version": "13.2.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "14.0.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10386",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T20:14:39.256573Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T20:17:55.566Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk ThinManager",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0-11.2.9"
                },
                {
                  "status": "affected",
                  "version": "12.0.0-12.0.7"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.8"
                },
                {
                  "status": "affected",
                  "version": "13.0.0-13.0.5"
                },
                {
                  "status": "affected",
                  "version": "13.1.0-13.1.3"
                },
                {
                  "status": "affected",
                  "version": "13.2.0-13.2.2"
                },
                {
                  "status": "affected",
                  "version": "14.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Tenable Network Security"
            }
          ],
          "datePublic": "2024-10-25T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cb\u003e\u003cu\u003eCVE-2024-10386 IMPACT\u003c/u\u003e\u003c/b\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e\n\n\u003cp\u003eAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation.\u003c/p\u003e"
                }
              ],
              "value": "CVE-2024-10386 IMPACT\n\n\n\nAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-25T17:04:34.000Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: var(--wht);\"\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003e11.2.10\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.0.8\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.1.9\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e13.0.6\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e13.1.4\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e13.2.3\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e14.0.1\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nIf able,\nnavigate to the  ThinManager\u00ae download site https://thinmanager.com/downloads/  and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n11.2.10\n\n\n\n\n\n12.0.8\n\n\n\n\n\n12.1.9\n\n\n\n\n\n13.0.6\u00a0\n\n\n\n\n\n13.1.4\u00a0\n\n\n\n\n\n13.2.3\u00a0\n\n\n\n\n\n14.0.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best\npractices\u003c/a\u003e to\nminimize the risk of the vulnerability.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nIf able,\nnavigate to the  ThinManager\u00ae download site https://thinmanager.com/downloads/  and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested security best\npractices to\nminimize the risk of the vulnerability."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-10386",
        "datePublished": "2024-10-25T17:04:34.000Z",
        "dateReserved": "2024-10-25T12:38:28.748Z",
        "dateUpdated": "2024-10-25T20:17:55.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10387 (GCVE-0-2024-10387)

    Vulnerability from cvelistv5 – Published: 2024-10-25 17:04 – Updated: 2024-10-25 20:14
    VLAI
    Title
    Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability
    Summary
    CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation FactoryTalk ThinManager Affected: 11.2.0-11.2.9
    Affected: 12.0.0-12.0.7
    Affected: 12.1.0-12.1.8
    Affected: 13.0.0-13.0.5
    Affected: 13.1.0-13.1.3
    Affected: 13.2.0-13.2.2
    Affected: 14.0.0
    Create a notification for this product.
    rockwellautomation thinmanager Affected: 11.2.0 , ≤ 11.2.9 (custom)
    Affected: 12.0.0 , ≤ 12.0.7 (custom)
    Affected: 12.1.0 , ≤ 12.1.8 (custom)
    Affected: 13.0.0 , ≤ 13.0.5 (custom)
    Affected: 13.1.0 , ≤ 13.1.3 (custom)
    Affected: 13.2.0 , ≤ 13.2.2 (custom)
    Affected: 14.0.0
        cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-25 17:00
    Credits
    Tenable Network Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "thinmanager",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThanOrEqual": "11.2.9",
                    "status": "affected",
                    "version": "11.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "12.0.7",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "12.1.8",
                    "status": "affected",
                    "version": "12.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "13.0.5",
                    "status": "affected",
                    "version": "13.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "13.1.3",
                    "status": "affected",
                    "version": "13.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "13.2.2",
                    "status": "affected",
                    "version": "13.2.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "14.0.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T20:10:20.475990Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T20:14:03.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk ThinManager",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0-11.2.9"
                },
                {
                  "status": "affected",
                  "version": "12.0.0-12.0.7"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.8"
                },
                {
                  "status": "affected",
                  "version": "13.0.0-13.0.5"
                },
                {
                  "status": "affected",
                  "version": "13.1.0-13.1.3"
                },
                {
                  "status": "affected",
                  "version": "13.2.0-13.2.2"
                },
                {
                  "status": "affected",
                  "version": "14.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Tenable Network Security"
            }
          ],
          "datePublic": "2024-10-25T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cb\u003e\u003cu\u003eCVE-2024-10387 IMPACT\u003c/u\u003e\u003c/b\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e\n\n\u003cp\u003eA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service.\u003c/p\u003e"
                }
              ],
              "value": "CVE-2024-10387 IMPACT\n\n\n\nA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-25T17:04:36.334Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: var(--wht);\"\u003eIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003e11.2.10\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.0.8\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.1.9\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e13.0.6 \u003c/p\u003e\n\n\n\n\u003cp\u003e13.1.4 \u003c/p\u003e\n\n\n\n\u003cp\u003e13.2.3 \u003c/p\u003e\n\n\n\n\u003cp\u003e14.0.1\u003c/p\u003e\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "If able,\nnavigate to the  ThinManager\u00ae download site https://thinmanager.com/downloads/  and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n11.2.10\n\n\n\n\n\n12.0.8\n\n\n\n\n\n12.1.9\n\n\n\n\n\n13.0.6 \n\n\n\n\n\n13.1.4 \n\n\n\n\n\n13.2.3 \n\n\n\n\n\n14.0.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\u003c/p\u003e\u003cp\u003eImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\u003c/p\u003e\n\n\n\n\u003cp\u003eFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best\npractices\u003c/a\u003e to\nminimize the risk of the vulnerability.\u003c/p\u003e"
                }
              ],
              "value": "If able,\nnavigate to the  ThinManager\u00ae download site https://thinmanager.com/downloads/  and upgrade to a corrected version of ThinManager\u00ae\n\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\n\n\n\n\n\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested security best\npractices to\nminimize the risk of the vulnerability."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-10387",
        "datePublished": "2024-10-25T17:04:36.334Z",
        "dateReserved": "2024-10-25T12:38:30.428Z",
        "dateUpdated": "2024-10-25T20:14:03.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10386 (GCVE-0-2024-10386)

    Vulnerability from cvelistv5 – Published: 2024-10-25 17:04 – Updated: 2024-10-25 20:17
    VLAI
    Title
    Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability
    Summary
    CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation FactoryTalk ThinManager Affected: 11.2.0-11.2.9
    Affected: 12.0.0-12.0.7
    Affected: 12.1.0-12.1.8
    Affected: 13.0.0-13.0.5
    Affected: 13.1.0-13.1.3
    Affected: 13.2.0-13.2.2
    Affected: 14.0.0
    Create a notification for this product.
    rockwellautomation thinmanager Affected: 11.2.0 , ≤ 11.2.9 (custom)
    Affected: 12.0.0 , ≤ 12.0.7 (custom)
    Affected: 12.1.0 , ≤ 12.1.8 (custom)
    Affected: 13.0.0 , ≤ 13.0.5 (custom)
    Affected: 13.1.0 , ≤ 13.1.3 (custom)
    Affected: 13.2.0 , ≤ 13.2.2 (custom)
    Affected: 14.0.0
        cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-25 17:00
    Credits
    Tenable Network Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "thinmanager",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThanOrEqual": "11.2.9",
                    "status": "affected",
                    "version": "11.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "12.0.7",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "12.1.8",
                    "status": "affected",
                    "version": "12.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "13.0.5",
                    "status": "affected",
                    "version": "13.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "13.1.3",
                    "status": "affected",
                    "version": "13.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "13.2.2",
                    "status": "affected",
                    "version": "13.2.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "14.0.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10386",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T20:14:39.256573Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T20:17:55.566Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FactoryTalk ThinManager",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.2.0-11.2.9"
                },
                {
                  "status": "affected",
                  "version": "12.0.0-12.0.7"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.8"
                },
                {
                  "status": "affected",
                  "version": "13.0.0-13.0.5"
                },
                {
                  "status": "affected",
                  "version": "13.1.0-13.1.3"
                },
                {
                  "status": "affected",
                  "version": "13.2.0-13.2.2"
                },
                {
                  "status": "affected",
                  "version": "14.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Tenable Network Security"
            }
          ],
          "datePublic": "2024-10-25T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cb\u003e\u003cu\u003eCVE-2024-10386 IMPACT\u003c/u\u003e\u003c/b\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e\n\n\u003cp\u003eAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation.\u003c/p\u003e"
                }
              ],
              "value": "CVE-2024-10386 IMPACT\n\n\n\nAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-25T17:04:34.000Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: var(--wht);\"\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003e11.2.10\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.0.8\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.1.9\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e13.0.6\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e13.1.4\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e13.2.3\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e14.0.1\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nIf able,\nnavigate to the  ThinManager\u00ae download site https://thinmanager.com/downloads/  and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n11.2.10\n\n\n\n\n\n12.0.8\n\n\n\n\n\n12.1.9\n\n\n\n\n\n13.0.6\u00a0\n\n\n\n\n\n13.1.4\u00a0\n\n\n\n\n\n13.2.3\u00a0\n\n\n\n\n\n14.0.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best\npractices\u003c/a\u003e to\nminimize the risk of the vulnerability.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nIf able,\nnavigate to the  ThinManager\u00ae download site https://thinmanager.com/downloads/  and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested security best\npractices to\nminimize the risk of the vulnerability."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-10386",
        "datePublished": "2024-10-25T17:04:34.000Z",
        "dateReserved": "2024-10-25T12:38:28.748Z",
        "dateUpdated": "2024-10-25T20:17:55.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }