
18 vulnerabilities found for ThinManager by Rockwell Automation

VAR-202408-2335

Vulnerability from variot - Updated: 2025-11-18 15:36

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability, a threat actor must abuse the ThinServer™ service by creating a junction and using it to upload arbitrary files. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ThinServer service, which listens on TCP port 2031 by default. The issue results from the lack of proper access controls set on resources used by the service. Although described as remote code execution, the CVSS v3 vectors in this record score it as a local attack requiring low privileges (AV:L/PR:L), and the entry's title classifies it as a privilege escalation. Rockwell Automation ThinManager is thin client management software from Rockwell Automation, USA.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202408-2335",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.3"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.5"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.2"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.7"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.8"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.8"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.9"
      },
      {
        "model": "thinmanager",
        "scope": null,
        "trust": 0.7,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1.1.0,\u003c=11.1.7"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.2.0,\u003c=11.2.8"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.0.0,\u003c=12.0.6"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.1.0,\u003c=12.1.7"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.0.0,\u003c=13.0.4"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.1.0,\u003c=13.1.2"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.2.0,\u003c=13.2.1"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nicholas Zubrisky (@NZubrisky) of Trend Micro Security Research",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2024-7987",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "CNVD-2024-46734",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2024-7987",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2024-7987",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2024-7987",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "PSIRT@rockwellautomation.com",
            "id": "CVE-2024-7987",
            "trust": 1.0,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2024-7987",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-46734",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A remote code execution vulnerability exists in the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122\nthat allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer\u2122 service by creating a junction and use it to upload arbitrary files. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the ThinServer service which listens on TCP port 2031 by default. The issue results from the lack of proper access controls set on resources used by the service. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-7987",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-1157",
        "trust": 1.3
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-24006",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "id": "VAR-202408-2335",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      }
    ]
  },
  "last_update_date": "2025-11-18T15:36:52.882000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Rockwell Automation has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.rockwellautomation.com/en-ca/trust-center/security-advisories/advisory.SD1692.html"
      },
      {
        "title": "Patch for Rockwell Automation ThinManager ThinServer Remote Code Execution Vulnerability (CNVD-2024-46734)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/634611"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-434",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1692.html"
      },
      {
        "trust": 0.7,
        "url": "https://www.rockwellautomation.com/en-ca/trust-center/security-advisories/advisory.sd1692.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-24-1157/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-08-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "date": "2024-08-26T15:15:09.047000",
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-08-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "date": "2025-10-21T18:58:40.313000",
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell Automation ThinManager ThinServer Arbitrary File Creation Privilege Escalation Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      }
    ],
    "trust": 0.7
  }
}

VAR-202408-2442

Vulnerability from variot - Updated: 2025-11-18 15:25

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ThinServer service. Rockwell Automation ThinManager is thin client management software from Rockwell Automation, USA.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202408-2442",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.3"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.5"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.2"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.7"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.8"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.8"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.9"
      },
      {
        "model": "thinmanager",
        "scope": null,
        "trust": 0.7,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1.1.0,\u003c=11.1.7"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.2.0,\u003c=11.2.8"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.0.0,\u003c=12.0.6"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.1.0,\u003c=12.1.7"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.0.0,\u003c=13.0.4"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.1.0,\u003c=13.1.2"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.2.0,\u003c=13.2.1"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1158"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46735"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7988"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nicholas Zubrisky (@NZubrisky) of Trend Micro Security Research",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1158"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2024-7988",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2024-46735",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2024-7988",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2024-7988",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2024-7988",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "PSIRT@rockwellautomation.com",
            "id": "CVE-2024-7988",
            "trust": 1.0,
            "value": "Critical"
          },
          {
            "author": "ZDI",
            "id": "CVE-2024-7988",
            "trust": 0.7,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-46735",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1158"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46735"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7988"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7988"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A remote code execution vulnerability exists in the Rockwell Automation ThinManager\u00ae ThinServer\u2122 that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten. Authentication is not required to exploit this vulnerability.The specific flaw exists within the ThinServer service. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-7988"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-1158"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46735"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-7988",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-1158",
        "trust": 1.3
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-24040",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46735",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1158"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46735"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7988"
      }
    ]
  },
  "id": "VAR-202408-2442",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46735"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46735"
      }
    ]
  },
  "last_update_date": "2025-11-18T15:25:57.183000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Rockwell Automation has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.rockwellautomation.com/en-ca/trust-center/security-advisories/advisory.SD1692.html"
      },
      {
        "title": "Patch for Rockwell Automation ThinManager ThinServer Remote Code Execution Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/634606"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1158"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46735"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-7988"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1692.html"
      },
      {
        "trust": 0.7,
        "url": "https://www.rockwellautomation.com/en-ca/trust-center/security-advisories/advisory.sd1692.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-24-1158/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1158"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46735"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7988"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1158"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46735"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7988"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-08-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-1158"
      },
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46735"
      },
      {
        "date": "2024-08-26T15:15:09.140000",
        "db": "NVD",
        "id": "CVE-2024-7988"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-08-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-1158"
      },
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46735"
      },
      {
        "date": "2025-10-21T18:58:17.483000",
        "db": "NVD",
        "id": "CVE-2024-7988"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell Automation ThinManager ThinServer Unrestricted File Upload Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1158"
      }
    ],
    "trust": 0.7
  }
}

VAR-202408-2396

Vulnerability from variot - Updated: 2025-03-10 01:19

A vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by creating a junction that points to the target directory and then abusing the ThinServer™ service to read arbitrary files through it. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ThinServer service, which listens on TCP port 8443 by default. The issue results from the lack of proper access controls set on resources used by the service. An attacker can leverage this vulnerability to read files in the context of SYSTEM. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202408-2396",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinmanager",
        "scope": null,
        "trust": 1.5,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "12.0.0  that\u0027s all  12.0.7"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "11.1.0  that\u0027s all  11.1.8"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "12.1.0  that\u0027s all  12.1.8"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "13.1.0  that\u0027s all  13.1.3"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "13.0.0  that\u0027s all  13.0.5"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "13.2.0  that\u0027s all  13.2.2"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "11.2.0  that\u0027s all  11.2.9"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1.1.0,\u003c=11.1.7"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.2.0,\u003c=11.2.8"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.0.0,\u003c=12.0.6"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.1.0,\u003c=12.1.7"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.0.0,\u003c=13.0.4"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.1.0,\u003c=13.1.2"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.2.0,\u003c=13.2.1"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1156"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46733"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-019784"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nicholas Zubrisky (@NZubrisky) of Trend Micro Security Research",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1156"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2024-7986",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "CNVD-2024-46733",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2024-7986",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2024-7986",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "PSIRT@rockwellautomation.com",
            "id": "CVE-2024-7986",
            "trust": 1.0,
            "value": "Medium"
          },
          {
            "author": "NVD",
            "id": "CVE-2024-7986",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2024-7986",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-46733",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1156"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46733"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-019784"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7986"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability exists in the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u00a0that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer\u2122 service to read arbitrary files by creating a junction that points to the target directory. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ThinServer service which listens on TCP port 8443 by default. The issue results from the lack of proper access controls set on resources used by the service. An attacker can leverage this vulnerability to read files in the context of SYSTEM. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-7986"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-019784"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-1156"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46733"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-7986",
        "trust": 3.9
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-1156",
        "trust": 1.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-242-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU96141650",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-019784",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-24002",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46733",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1156"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46733"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-019784"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7986"
      }
    ]
  },
  "id": "VAR-202408-2396",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46733"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46733"
      }
    ]
  },
  "last_update_date": "2025-03-10T01:19:23.959000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Rockwell Automation has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.rockwellautomation.com/en-ca/trust-center/security-advisories/advisory.SD1692.html"
      },
      {
        "title": "Patch for Rockwell Automation ThinManager ThinServer Permission Management Error Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/634621"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1156"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46733"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-732",
        "trust": 1.0
      },
      {
        "problemtype": "Improper permission assignment for critical resources (CWE-732) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-019784"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7986"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1692.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96141650/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-7986"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-242-01"
      },
      {
        "trust": 0.7,
        "url": "https://www.rockwellautomation.com/en-ca/trust-center/security-advisories/advisory.sd1692.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-24-1156/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1156"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46733"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-019784"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7986"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1156"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46733"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-019784"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7986"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-08-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-1156"
      },
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46733"
      },
      {
        "date": "2025-03-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-019784"
      },
      {
        "date": "2024-08-23T12:15:03.920000",
        "db": "NVD",
        "id": "CVE-2024-7986"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-08-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-1156"
      },
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46733"
      },
      {
        "date": "2025-03-05T09:17:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-019784"
      },
      {
        "date": "2024-08-23T16:18:28.547000",
        "db": "NVD",
        "id": "CVE-2024-7986"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 Vulnerability in improper permission assignment for critical resources in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-019784"
      }
    ],
    "trust": 0.8
  }
}

VAR-202409-1723

Vulnerability from variot - Updated: 2024-12-21 23:01

CVE-2024-45826 IMPACT: Due to improper input validation, a path traversal and remote code execution vulnerability exists when ThinManager® processes a crafted POST request. If exploited, a user can install an executable file. Rockwell Automation ThinManager contains a vulnerability involving externally controllable references to resources in another sphere. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, an American company. It allows thin clients to be assigned to multiple remote desktop servers at the same time.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202409-1723",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.2"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.3"
      },
      {
        "model": "thinmanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "13.2.0  that\u0027s all  13.2.2"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "13.1.0  that\u0027s all  13.1.3"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.1.0,\u003c=13.1.2"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.2.0,\u003c=13.2.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46731"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-009635"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45826"
      }
    ]
  },
  "cve": "CVE-2024-45826",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2024-46731",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2024-45826",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "PSIRT@rockwellautomation.com",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "id": "CVE-2024-45826",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2024-45826",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2024-45826",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "PSIRT@rockwellautomation.com",
            "id": "CVE-2024-45826",
            "trust": 1.0,
            "value": "High"
          },
          {
            "author": "NVD",
            "id": "CVE-2024-45826",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-46731",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46731"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-009635"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45826"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45826"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CVE-2024-45826 IMPACT\nDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager\u00ae processes a crafted POST request. If exploited, a user can install an executable file. Rockwell Automation of thinmanager Exists in a vulnerability in externally controllable references to resources in another region.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, an American company. It allows thin clients to be assigned to multiple remote desktop servers at the same time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-45826"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-009635"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46731"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-45826",
        "trust": 3.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-256-25",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94816770",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-009635",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46731",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46731"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-009635"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45826"
      }
    ]
  },
  "id": "VAR-202409-1723",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46731"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46731"
      }
    ]
  },
  "last_update_date": "2024-12-21T23:01:33.513000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Rockwell Automation ThinManager Input Validation Error Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/634571"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46731"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-610",
        "trust": 1.0
      },
      {
        "problemtype": "Externally controllable reference to another region resource (CWE-610) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Externally controllable reference to another region resource (CWE-610) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-009635"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45826"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1700.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu94816770/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-45826"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-25"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46731"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-009635"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45826"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46731"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-009635"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45826"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46731"
      },
      {
        "date": "2024-10-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-009635"
      },
      {
        "date": "2024-09-12T15:18:24.287000",
        "db": "NVD",
        "id": "CVE-2024-45826"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46731"
      },
      {
        "date": "2024-10-03T01:43:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-009635"
      },
      {
        "date": "2024-10-02T14:35:38.017000",
        "db": "NVD",
        "id": "CVE-2024-45826"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 Vulnerability in externally controllable references to resources in another region of",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-009635"
      }
    ],
    "trust": 0.8
  }
}

VAR-202410-2617

Vulnerability from variot - Updated: 2024-12-21 19:23

CVE-2024-10387 IMPACT

A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service. Rockwell Automation ThinManager contains an unspecified vulnerability; service operation may be interrupted (DoS). Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time.

Rockwell Automation ThinManager has a denial of service vulnerability


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202410-2617",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinmanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.3"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.8"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "14.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.10"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.6"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.9"
      },
      {
        "model": "thinmanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.4"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "11.2.0  that\u0027s all  11.2.10"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "14.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "13.2.0  to  13.2.3"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "12.0.0  that\u0027s all  12.0.8"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thinmanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "13.0.0  that\u0027s all  13.0.6"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "12.1.0  that\u0027s all  12.1.9"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "13.1.0  to  13.1.4"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.2.0,\u003c=11.2.9"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.0.0,\u003c=12.0.7"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.1.0,\u003c=12.1.8"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.0.0,\u003c=13.0.5"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.1.0,\u003c=13.1.3"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.2.0,\u003c=13.2.2"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "14.0.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46726"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012050"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10387"
      }
    ]
  },
  "cve": "CVE-2024-10387",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2024-46726",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2024-10387",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2024-10387",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2024-10387",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "PSIRT@rockwellautomation.com",
            "id": "CVE-2024-10387",
            "trust": 1.0,
            "value": "High"
          },
          {
            "author": "NVD",
            "id": "CVE-2024-10387",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-46726",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46726"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012050"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10387"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10387"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CVE-2024-10387 IMPACT\n\n\n\nA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service. Rockwell Automation of thinmanager Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time. \n\nRockwell Automation ThinManager has a denial of service vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-10387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012050"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46726"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-10387",
        "trust": 3.2
      },
      {
        "db": "JVN",
        "id": "JVNVU97090361",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-305-01",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012050",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46726",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46726"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012050"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10387"
      }
    ]
  },
  "id": "VAR-202410-2617",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46726"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46726"
      }
    ]
  },
  "last_update_date": "2024-12-21T19:23:34.691000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Rockwell Automation ThinManager Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/634601"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46726"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      },
      {
        "problemtype": "Out-of-bounds read (CWE-125) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012050"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10387"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1708.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97090361/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-10387"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-305-01"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46726"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012050"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10387"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46726"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012050"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10387"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46726"
      },
      {
        "date": "2024-11-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-012050"
      },
      {
        "date": "2024-10-25T17:15:04.230000",
        "db": "NVD",
        "id": "CVE-2024-10387"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46726"
      },
      {
        "date": "2024-11-06T01:58:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-012050"
      },
      {
        "date": "2024-11-05T20:05:55.323000",
        "db": "NVD",
        "id": "CVE-2024-10387"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012050"
      }
    ],
    "trust": 0.8
  }
}

VAR-202410-3402

Vulnerability from variot - Updated: 2024-12-21 19:23

CVE-2024-10386 IMPACT

An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation. Rockwell Automation ThinManager contains an unspecified vulnerability; information may be obtained or tampered with, and service operation may be interrupted (DoS). Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202410-3402",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.3"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.8"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "14.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.10"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.6"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.4"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.9"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "13.2.0  that\u0027s all  13.2.3"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "13.1.0  that\u0027s all  13.1.4"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "11.2.0  that\u0027s all  11.2.10"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "14.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "12.0.0  that\u0027s all  12.0.8"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thinmanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "13.0.0  that\u0027s all  13.0.6"
      },
      {
        "model": "thinmanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "12.1.0  that\u0027s all  12.1.9"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.2.0,\u003c=11.2.9"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.0.0,\u003c=12.0.7"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.1.0,\u003c=12.1.8"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.0.0,\u003c=13.0.5"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.1.0,\u003c=13.1.3"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.2.0,\u003c=13.2.2"
      },
      {
        "model": "automation rockwell automation thinmanager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "14.0.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46725"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-011988"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10386"
      }
    ]
  },
  "cve": "CVE-2024-10386",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2024-46725",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2024-10386",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2024-10386",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2024-10386",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "PSIRT@rockwellautomation.com",
            "id": "CVE-2024-10386",
            "trust": 1.0,
            "value": "Critical"
          },
          {
            "author": "NVD",
            "id": "CVE-2024-10386",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-46725",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46725"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-011988"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10386"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10386"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CVE-2024-10386 IMPACT\n\n\n\nAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation. Rockwell Automation ThinManager contains an unspecified vulnerability: information may be obtained or tampered with, and service operation may be interrupted (DoS). Rockwell Automation ThinManager is thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-10386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-011988"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46725"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-10386",
        "trust": 3.2
      },
      {
        "db": "JVN",
        "id": "JVNVU97090361",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-305-01",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-011988",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46725",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46725"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-011988"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10386"
      }
    ]
  },
  "id": "VAR-202410-3402",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46725"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46725"
      }
    ]
  },
  "last_update_date": "2024-12-21T19:23:34.666000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Rockwell Automation ThinManager Authentication Error Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/634596"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46725"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-306",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of authentication for critical features (CWE-306) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-011988"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10386"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1708.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97090361/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-10386"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-305-01"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46725"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-011988"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10386"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46725"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-011988"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-10386"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46725"
      },
      {
        "date": "2024-11-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-011988"
      },
      {
        "date": "2024-10-25T17:15:03.987000",
        "db": "NVD",
        "id": "CVE-2024-10386"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46725"
      },
      {
        "date": "2024-11-06T01:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-011988"
      },
      {
        "date": "2024-11-05T20:07:59.487000",
        "db": "NVD",
        "id": "CVE-2024-10386"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability in Rockwell Automation ThinManager",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-011988"
      }
    ],
    "trust": 0.8
  }
}

VAR-202406-2530

Vulnerability from variot - Updated: 2024-09-28 23:19

Due to improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. Rockwell Automation ThinManager and ThinServer contain an unspecified vulnerability: information may be obtained or tampered with, and service operation may be interrupted (DoS). Rockwell Automation ThinManager is thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202406-2530",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.3"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.8"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.8"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.0"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.5"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.7"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.0"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.8"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.0"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.2"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.9"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.3"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.8"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.7"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.5"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.0"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.2"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.9"
      },
      {
        "model": "thinmanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thinserver",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.1.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.2.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.0.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.1.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.0.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.1.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.2.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008053"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5989"
      }
    ]
  },
  "cve": "CVE-2024-5989",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2024-38543",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2024-5989",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2024-5989",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2024-5989",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "PSIRT@rockwellautomation.com",
            "id": "CVE-2024-5989",
            "trust": 1.0,
            "value": "Critical"
          },
          {
            "author": "NVD",
            "id": "CVE-2024-5989",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-38543",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008053"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5989"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5989"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Due to improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122. Rockwell Automation ThinManager and ThinServer contain an unspecified vulnerability: information may be obtained or tampered with, and service operation may be interrupted (DoS). Rockwell Automation ThinManager is thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-5989"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008053"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38543"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-5989",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008053",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38543",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008053"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5989"
      }
    ]
  },
  "id": "VAR-202406-2530",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38543"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38543"
      }
    ]
  },
  "last_update_date": "2024-09-28T23:19:21.041000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Rockwell Automation ThinManager ThinServer Input Validation Error Vulnerability (CNVD-2024-38543)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/593051"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38543"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008053"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5989"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1677.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-5989"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008053"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5989"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008053"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5989"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38543"
      },
      {
        "date": "2024-09-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-008053"
      },
      {
        "date": "2024-06-25T16:15:25.363000",
        "db": "NVD",
        "id": "CVE-2024-5989"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38543"
      },
      {
        "date": "2024-09-17T02:05:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-008053"
      },
      {
        "date": "2024-09-16T12:08:03.447000",
        "db": "NVD",
        "id": "CVE-2024-5989"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 and \u00a0thinserver\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008053"
      }
    ],
    "trust": 0.8
  }
}

VAR-202406-0976

Vulnerability from variot - Updated: 2024-09-28 23:00

Due to improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. Rockwell Automation's thinmanager and thinserver contain an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Rockwell Automation ThinManager is thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202406-0976",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.3"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.8"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.8"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.0"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.5"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.7"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.0"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.8"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.0"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.2"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.9"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.3"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.8"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.7"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.5"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.0"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.2"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.9"
      },
      {
        "model": "thinmanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thinserver",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.1.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.2.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.0.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.1.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.0.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.1.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.2.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38544"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008106"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5988"
      }
    ]
  },
  "cve": "CVE-2024-5988",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2024-38544",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2024-5988",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2024-5988",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2024-5988",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "PSIRT@rockwellautomation.com",
            "id": "CVE-2024-5988",
            "trust": 1.0,
            "value": "Critical"
          },
          {
            "author": "NVD",
            "id": "CVE-2024-5988",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-38544",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38544"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008106"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5988"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5988"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-5988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008106"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38544"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-5988",
        "trust": 3.2
      },
      {
        "db": "JVN",
        "id": "JVNVU99141957",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-193-18",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008106",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38544",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38544"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008106"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5988"
      }
    ]
  },
  "id": "VAR-202406-0976",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38544"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38544"
      }
    ]
  },
  "last_update_date": "2024-09-28T23:00:00.778000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Rockwell Automation ThinManager ThinServer Input Validation Error Vulnerability (CNVD-2024-38544)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/593046"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38544"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008106"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5988"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1677.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99141957/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-5988"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-18"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38544"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008106"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5988"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38544"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008106"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5988"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38544"
      },
      {
        "date": "2024-09-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-008106"
      },
      {
        "date": "2024-06-25T16:15:24.937000",
        "db": "NVD",
        "id": "CVE-2024-5988"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38544"
      },
      {
        "date": "2024-09-17T05:13:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-008106"
      },
      {
        "date": "2024-09-16T12:07:20.767000",
        "db": "NVD",
        "id": "CVE-2024-5988"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 and \u00a0thinserver\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008106"
      }
    ],
    "trust": 0.8
  }
}

VAR-202406-2134

Vulnerability from variot - Updated: 2024-09-28 23:00

Due to improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. Rockwell Automation's thinmanager and thinserver contain an unspecified vulnerability. Service operation may be interrupted (DoS). Rockwell Automation ThinManager is thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202406-2134",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.2"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.8"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.8"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.0"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.4"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.7"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.0"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.2"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.8"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.0"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.9"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.4"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.8"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.7"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.0"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.9"
      },
      {
        "model": "thinmanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thinserver",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.1.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.2.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.0.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.1.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.0.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.1.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "cve": "CVE-2024-5990",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2024-38545",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2024-5990",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2024-5990",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2024-5990",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "PSIRT@rockwellautomation.com",
            "id": "CVE-2024-5990",
            "trust": 1.0,
            "value": "High"
          },
          {
            "author": "NVD",
            "id": "CVE-2024-5990",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-38545",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Due to improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device. Rockwell Automation thinmanager and thinserver contain an unspecified vulnerability. Service operation may be interrupted (DoS). Rockwell Automation ThinManager is thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-5990",
        "trust": 3.2
      },
      {
        "db": "JVN",
        "id": "JVNVU99141957",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-193-18",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "id": "VAR-202406-2134",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      }
    ]
  },
  "last_update_date": "2024-09-28T23:00:00.755000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Rockwell Automation ThinManager ThinServer Input Validation Error Vulnerability (CNVD-2024-38545)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/593041"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1677.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99141957/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-5990"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-18"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "date": "2024-09-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "date": "2024-06-25T16:15:25.470000",
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "date": "2024-09-17T04:36:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "date": "2024-09-16T11:58:38.363000",
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 and \u00a0thinserver\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      }
    ],
    "trust": 0.8
  }
}

VAR-202209-1831

Vulnerability from variot - Updated: 2024-08-14 15:11

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specially crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution. ThinManager ThinServer, provided by Rockwell Automation, is thin client and RDP (Remote Desktop Protocol) server management software. ThinManager ThinServer contains the following vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTPS traffic. When parsing a URI, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web service.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1831",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinmanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.0.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "13.0.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "11.2.0  to  11.2.5  to"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "12.0.0  to  12.0.2  to"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "11.1.0  to  11.1.4  to"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "12.1.0  to  12.1.3  to"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "11.0.0  to  11.0.4  to"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thinmanager",
        "scope": null,
        "trust": 0.7,
        "vendor": "rockwell automation",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002435"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38742"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1302"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2022-38742",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-38742",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "PSIRT@rockwellautomation.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2022-38742",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-38742",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2022-38742",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-38742",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "PSIRT@rockwellautomation.com",
            "id": "CVE-2022-38742",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-38742",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "ZDI",
            "id": "CVE-2022-38742",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202209-2416",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2416"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38742"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38742"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specially crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution. ThinManager ThinServer, provided by Rockwell Automation, is thin client and RDP (Remote Desktop Protocol) server management software. ThinManager ThinServer contains the following vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTPS traffic. When parsing a URI, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web service.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-38742"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002435"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-1302"
      },
      {
        "db": "VULHUB",
        "id": "VHN-434516"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-38742",
        "trust": 4.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-270-03",
        "trust": 1.4
      },
      {
        "db": "JVN",
        "id": "JVNVU93951878",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002435",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-17482",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-1302",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2416",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-434516",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1302"
      },
      {
        "db": "VULHUB",
        "id": "VHN-434516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2416"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38742"
      }
    ]
  },
  "id": "VAR-202209-1831",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434516"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T15:11:15.503000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "File\u00a0Parsing\u00a0XML\u00a0Entity\u00a0in\u00a0Multiple\u00a0Products (Login required)  Rockwell\u00a0Automation",
        "trust": 0.8,
        "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1134596"
      },
      {
        "title": "Rockwell Automation has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-270-03"
      },
      {
        "title": "Rockwell Automation ThinManager Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209163"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2416"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-122",
        "trust": 1.0
      },
      {
        "problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002435"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38742"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847"
      },
      {
        "trust": 1.5,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-270-03"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93951878/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38742"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-270-03"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-38742/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1302"
      },
      {
        "db": "VULHUB",
        "id": "VHN-434516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2416"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38742"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1302"
      },
      {
        "db": "VULHUB",
        "id": "VHN-434516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2416"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38742"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-1302"
      },
      {
        "date": "2022-09-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-434516"
      },
      {
        "date": "2022-09-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002435"
      },
      {
        "date": "2022-09-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-2416"
      },
      {
        "date": "2022-09-23T16:15:11.570000",
        "db": "NVD",
        "id": "CVE-2022-38742"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-1302"
      },
      {
        "date": "2022-09-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-434516"
      },
      {
        "date": "2024-06-13T02:16:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002435"
      },
      {
        "date": "2022-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-2416"
      },
      {
        "date": "2022-09-26T22:20:15.477000",
        "db": "NVD",
        "id": "CVE-2022-38742"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2416"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell\u00a0Automation\u00a0 Made \u00a0ThinManager\u00a0ThinServer\u00a0 Heap-based buffer overflow vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002435"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2416"
      }
    ],
    "trust": 0.6
  }
}

CVE-2025-9065 (GCVE-0-2025-9065)

Vulnerability from nvd – Published: 2025-09-09 12:51 – Updated: 2025-09-09 13:23
Title
Rockwell Automation ThinManager® Server-Side Request Forgery Vulnerability
Summary
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash.
CWE
  • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9065",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-09T13:23:19.121711Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-09T13:23:24.291Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThinManager",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "13.0 - 14.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA server-side request forgery security issue exists within Rockwell Automation ThinManager\u00ae software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer\u00ae service account NTLM hash.\u003c/span\u003e"
            }
          ],
          "value": "A server-side request forgery security issue exists within Rockwell Automation ThinManager\u00ae software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer\u00ae service account NTLM hash."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-09T12:51:42.091Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1743.html"
        }
      ],
      "source": {
        "advisory": "SD1743",
        "discovery": "INTERNAL"
      },
      "title": "Rockwell Automation ThinManager\u00ae Server-Side Request Forgery Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2025-9065",
    "datePublished": "2025-09-09T12:51:42.091Z",
    "dateReserved": "2025-08-15T13:58:23.749Z",
    "dateUpdated": "2025-09-09T13:23:24.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-3618 (GCVE-0-2025-3618)

Vulnerability from nvd – Published: 2025-04-15 17:19 – Updated: 2025-04-17 17:25
Title
Local Privilege Escalation Vulnerability
Summary
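A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software. (Note: the record's title reads "Local Privilege Escalation Vulnerability" while this summary describes a denial of service, and the CVSS 4.0 vector in the record rates confidentiality, integrity and availability impact as HIGH; confirm the actual impact against vendor advisory SD1727 when prioritising.)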
CWE
  • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
Impacted products
Vendor Product Version
Rockwell Automation ThinManager Affected: v14.0.1 and earlier

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3618",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T17:40:46.050596Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T17:25:38.739Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThinManager",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "v14.0.1 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2025-04-15T17:17:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software.\u003c/span\u003e"
            }
          ],
          "value": "A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "119 - Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T17:19:53.368Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1727.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCorrected in v11.2.11, 12.0.9, 12.1.10, 13.0.7, 13.1.5, 13.2.4, 14.0.2 and later\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Corrected in v11.2.11, 12.0.9, 12.1.10, 13.0.7, 13.1.5, 13.2.4, 14.0.2 and later"
        }
      ],
      "source": {
        "advisory": "SD1727",
        "discovery": "EXTERNAL"
      },
      "title": "Local Privilege Escalation Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2025-3618",
    "datePublished": "2025-04-15T17:19:53.368Z",
    "dateReserved": "2025-04-14T23:45:33.404Z",
    "dateUpdated": "2025-04-17T17:25:38.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45826 (GCVE-0-2024-45826)

Vulnerability from nvd – Published: 2024-09-12 14:33 – Updated: 2024-09-12 14:58
Title
ThinManager® Code Execution Vulnerability
Summary
CVE-2024-45826 impact: due to improper input validation, a path traversal and remote code execution vulnerability exists when ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.
CWE
  • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
Impacted products

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "13.1.3",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.2.2",
                "status": "affected",
                "version": "13.2.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45826",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-12T14:57:00.839917Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T14:58:34.096Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThinManager",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "13.1.0-13.1.2"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ThinManager",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "13.2.0-13.2.1"
            }
          ]
        }
      ],
      "datePublic": "2024-09-12T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "CVE-2024-45826 IMPACT\u003cbr\u003eDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager\u00ae processes a crafted POST request. If exploited, a user can install an executable file.\u003cbr\u003e"
            }
          ],
          "value": "CVE-2024-45826 IMPACT\nDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager\u00ae processes a crafted POST request. If exploited, a user can install an executable file."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-12T14:33:44.373Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1700.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to V13.1.3 or V13.2.2"
            }
          ],
          "value": "Upgrade to V13.1.3 or V13.2.2"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "ThinManager\u00ae Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-45826",
    "datePublished": "2024-09-12T14:33:44.373Z",
    "dateReserved": "2024-09-09T19:33:02.444Z",
    "dateUpdated": "2024-09-12T14:58:34.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2443 (GCVE-0-2023-2443)

Vulnerability from nvd – Published: 2023-05-11 18:08 – Updated: 2025-01-24 21:16
Summary
The Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.
CWE
  • Rockwell Automation ThinManager Software Utilizes Inadequate Encryption Strength
Assigner
Impacted products

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:26:09.005Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139442"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2443",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-24T21:16:14.230416Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-24T21:16:26.466Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThinManager ",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=13.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRockwell Automation ThinManager product allows the use of medium strength ciphers. \u0026nbsp;If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nRockwell Automation ThinManager product allows the use of medium strength ciphers. \u00a0If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-20",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-20 Encryption Brute Forcing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Rockwell Automation ThinManager Software Utilizes Inadequate Encryption Strength",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-11T18:08:08.060Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139442"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Customers should upgrade to 13.0.2 to correct this issue.\u0026nbsp; If upgrading is not possible, customers should ensure that the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e3DES encryption algorithm is not used.\u003c/span\u003e"
            }
          ],
          "value": "Customers should upgrade to 13.0.2 to correct this issue.\u00a0 If upgrading is not possible, customers should ensure that the\u00a03DES encryption algorithm is not used."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2023-2443",
    "datePublished": "2023-05-11T18:08:08.060Z",
    "dateReserved": "2023-05-01T13:52:27.487Z",
    "dateUpdated": "2025-01-24T21:16:26.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9065 (GCVE-0-2025-9065)

Vulnerability from cvelistv5 – Published: 2025-09-09 12:51 – Updated: 2025-09-09 13:23
Title
Rockwell Automation ThinManager® Server-Side Request Forgery Vulnerability
Summary
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash.
CWE
  • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9065",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-09T13:23:19.121711Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-09T13:23:24.291Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThinManager",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "13.0 - 14.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA server-side request forgery security issue exists within Rockwell Automation ThinManager\u00ae software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer\u00ae service account NTLM hash.\u003c/span\u003e"
            }
          ],
          "value": "A server-side request forgery security issue exists within Rockwell Automation ThinManager\u00ae software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer\u00ae service account NTLM hash."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-09T12:51:42.091Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1743.html"
        }
      ],
      "source": {
        "advisory": "SD1743",
        "discovery": "INTERNAL"
      },
      "title": "Rockwell Automation ThinManager\u00ae Server-Side Request Forgery Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2025-9065",
    "datePublished": "2025-09-09T12:51:42.091Z",
    "dateReserved": "2025-08-15T13:58:23.749Z",
    "dateUpdated": "2025-09-09T13:23:24.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-3618 (GCVE-0-2025-3618)

Vulnerability from cvelistv5 – Published: 2025-04-15 17:19 – Updated: 2025-04-17 17:25
Title
Local Privilege Escalation Vulnerability
Summary
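A denial-of-service vulnerability exists in Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software. Note that the record is internally inconsistent: its title reads "Local Privilege Escalation Vulnerability" and its CVSS 4.0 vector (AV:L/PR:L with VC:H/VI:H/VA:H) rates confidentiality, integrity and availability impact as HIGH, whereas this description and the CWE describe only a denial-of-service. Check the vendor advisory (SD1727) for the intended impact before prioritising.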
CWE
  • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
Impacted products
Vendor Product Version
Rockwell Automation ThinManager Affected: v14.0.1 and earlier

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3618",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T17:40:46.050596Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T17:25:38.739Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThinManager",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "v14.0.1 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2025-04-15T17:17:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software.\u003c/span\u003e"
            }
          ],
          "value": "A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "119 - Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T17:19:53.368Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1727.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCorrected in v11.2.11, 12.0.9, 12.1.10, 13.0.7, 13.1.5, 13.2.4, 14.0.2 and later\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Corrected in v11.2.11, 12.0.9, 12.1.10, 13.0.7, 13.1.5, 13.2.4, 14.0.2 and later"
        }
      ],
      "source": {
        "advisory": "SD1727",
        "discovery": "EXTERNAL"
      },
      "title": "Local Privilege Escalation Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2025-3618",
    "datePublished": "2025-04-15T17:19:53.368Z",
    "dateReserved": "2025-04-14T23:45:33.404Z",
    "dateUpdated": "2025-04-17T17:25:38.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45826 (GCVE-0-2024-45826)

Vulnerability from cvelistv5 – Published: 2024-09-12 14:33 – Updated: 2024-09-12 14:58
Title
ThinManager® Code Execution Vulnerability
Summary
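CVE-2024-45826 IMPACT: Due to improper input validation, a path traversal and remote code execution vulnerability exists when ThinManager® processes a crafted POST request. If exploited, a user can install an executable file. The record's CVSS vectors rate exploitation as requiring high privileges and user interaction (PR:H; UI:P in CVSS 4.0, UI:R in CVSS 3.1), and its solution field lists V13.1.3 and V13.2.2 as the fixed versions.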
CWE
  • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
Impacted products

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "13.1.3",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.2.2",
                "status": "affected",
                "version": "13.2.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45826",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-12T14:57:00.839917Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T14:58:34.096Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThinManager",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "13.1.0-13.1.2"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ThinManager",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "13.2.0-13.2.1"
            }
          ]
        }
      ],
      "datePublic": "2024-09-12T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "CVE-2024-45826 IMPACT\u003cbr\u003eDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager\u00ae processes a crafted POST request. If exploited, a user can install an executable file.\u003cbr\u003e"
            }
          ],
          "value": "CVE-2024-45826 IMPACT\nDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager\u00ae processes a crafted POST request. If exploited, a user can install an executable file."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-12T14:33:44.373Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1700.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to V13.1.3 or V13.2.2"
            }
          ],
          "value": "Upgrade to V13.1.3 or V13.2.2"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "ThinManager\u00ae Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-45826",
    "datePublished": "2024-09-12T14:33:44.373Z",
    "dateReserved": "2024-09-09T19:33:02.444Z",
    "dateUpdated": "2024-09-12T14:58:34.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2443 (GCVE-0-2023-2443)

Vulnerability from cvelistv5 – Published: 2023-05-11 18:08 – Updated: 2025-01-24 21:16
Summary
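The Rockwell Automation ThinManager product allows the use of medium-strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API. The record's solution field names 3DES as the algorithm to make sure is not used when upgrading to 13.0.2 is not possible.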
CWE
  • Rockwell Automation ThinManager Software Utilizes Inadequate Encryption Strength
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:26:09.005Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139442"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2443",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-24T21:16:14.230416Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-24T21:16:26.466Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThinManager ",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=13.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRockwell Automation ThinManager product allows the use of medium strength ciphers. \u0026nbsp;If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nRockwell Automation ThinManager product allows the use of medium strength ciphers. \u00a0If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-20",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-20 Encryption Brute Forcing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Rockwell Automation ThinManager Software Utilizes Inadequate Encryption Strength",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-11T18:08:08.060Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139442"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Customers should upgrade to 13.0.2 to correct this issue.\u0026nbsp; If upgrading is not possible, customers should ensure that the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e3DES encryption algorithm is not used.\u003c/span\u003e"
            }
          ],
          "value": "Customers should upgrade to 13.0.2 to correct this issue.\u00a0 If upgrading is not possible, customers should ensure that the\u00a03DES encryption algorithm is not used."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2023-2443",
    "datePublished": "2023-05-11T18:08:08.060Z",
    "dateReserved": "2023-05-01T13:52:27.487Z",
    "dateUpdated": "2025-01-24T21:16:26.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}