Search criteria
40 vulnerabilities found for thinmanager by rockwellautomation
VAR-202509-0772
Vulnerability from variot - Updated: 2025-11-18 15:19A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash. Rockwell Automation ThinManager is thin client management software from Rockwell Automation. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. An attacker can exploit this vulnerability to forge server-side requests
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202509-0772",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "14.0.0"
},
{
"model": "automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.0,\u003c=14.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21158"
},
{
"db": "NVD",
"id": "CVE-2025-9065"
}
]
},
"cve": "CVE-2025-9065",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2025-21158",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-9065",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-9065",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2025-9065",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-21158",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21158"
},
{
"db": "NVD",
"id": "CVE-2025-9065"
},
{
"db": "NVD",
"id": "CVE-2025-9065"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A server-side request forgery security issue exists within Rockwell Automation ThinManager\u00ae software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer\u00ae service account NTLM hash. Rockwell Automation ThinManager is thin client management software from Rockwell Automation. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. An attacker can exploit this vulnerability to forge server-side requests",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-9065"
},
{
"db": "CNVD",
"id": "CNVD-2025-21158"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-9065",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-21158",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21158"
},
{
"db": "NVD",
"id": "CVE-2025-9065"
}
]
},
"id": "VAR-202509-0772",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21158"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21158"
}
]
},
"last_update_date": "2025-11-18T15:19:26.031000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation ThinManager Server Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/731231"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21158"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.0
},
{
"problemtype": "CWE-610",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-9065"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1743.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-9065"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21158"
},
{
"db": "NVD",
"id": "CVE-2025-9065"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-21158"
},
{
"db": "NVD",
"id": "CVE-2025-9065"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-21158"
},
{
"date": "2025-09-09T13:15:32.493000",
"db": "NVD",
"id": "CVE-2025-9065"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-21158"
},
{
"date": "2025-10-20T19:17:27.270000",
"db": "NVD",
"id": "CVE-2025-9065"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation ThinManager Server Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-21158"
}
],
"trust": 0.6
}
}
VAR-202409-1723
Vulnerability from variot - Updated: 2024-12-21 23:01CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file. Rockwell Automation of thinmanager Exists in a vulnerability in externally controllable references to resources in another region.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, an American company. It allows thin clients to be assigned to multiple remote desktop servers at the same time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-1723",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.2"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.3"
},
{
"model": "thinmanager",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.2.0 that\u0027s all 13.2.2"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.1.0 that\u0027s all 13.1.3"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.1.0,\u003c=13.1.2"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.2.0,\u003c=13.2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"cve": "CVE-2024-45826",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2024-46731",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-45826",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2024-45826",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-45826",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-45826",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-45826",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-45826",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-46731",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CVE-2024-45826 IMPACT\nDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager\u00ae processes a crafted POST request. If exploited, a user can install an executable file. Rockwell Automation of thinmanager Exists in a vulnerability in externally controllable references to resources in another region.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, an American company. It allows thin clients to be assigned to multiple remote desktop servers at the same time",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-45826"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "CNVD",
"id": "CNVD-2024-46731"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-45826",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-24-256-25",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94816770",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-46731",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"id": "VAR-202409-1723",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
}
]
},
"last_update_date": "2024-12-21T23:01:33.513000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation ThinManager Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/634571"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-610",
"trust": 1.0
},
{
"problemtype": "Externally controllable reference to another region resource (CWE-610) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Externally controllable reference to another region resource (CWE-610) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1700.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94816770/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-45826"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-25"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"date": "2024-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"date": "2024-09-12T15:18:24.287000",
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"date": "2024-10-03T01:43:00",
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"date": "2024-10-02T14:35:38.017000",
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 Vulnerability in externally controllable references to resources in another region of",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
}
],
"trust": 0.8
}
}
VAR-202410-2617
Vulnerability from variot - Updated: 2024-12-21 19:23CVE-2024-10387 IMPACT
A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service. Rockwell Automation of thinmanager Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time.
Rockwell Automation ThinManager has a denial of service vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-2617",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.3"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.8"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "14.0.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.10"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.6"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.9"
},
{
"model": "thinmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.4"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "11.2.0 that\u0027s all 11.2.10"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "14.0.0"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.2.0 to 13.2.3"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "12.0.0 that\u0027s all 12.0.8"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinmanager",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.0.0 that\u0027s all 13.0.6"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "12.1.0 that\u0027s all 12.1.9"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.1.0 to 13.1.4"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.2.0,\u003c=11.2.9"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.0.0,\u003c=12.0.7"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.1.0,\u003c=12.1.8"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.0.0,\u003c=13.0.5"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.1.0,\u003c=13.1.3"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.2.0,\u003c=13.2.2"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "14.0.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46726"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012050"
},
{
"db": "NVD",
"id": "CVE-2024-10387"
}
]
},
"cve": "CVE-2024-10387",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-46726",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-10387",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-10387",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-10387",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-10387",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-10387",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-46726",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46726"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012050"
},
{
"db": "NVD",
"id": "CVE-2024-10387"
},
{
"db": "NVD",
"id": "CVE-2024-10387"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CVE-2024-10387 IMPACT\n\n\n\nA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service. Rockwell Automation of thinmanager Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time. \n\nRockwell Automation ThinManager has a denial of service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-10387"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012050"
},
{
"db": "CNVD",
"id": "CNVD-2024-46726"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-10387",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU97090361",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-305-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012050",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-46726",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46726"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012050"
},
{
"db": "NVD",
"id": "CVE-2024-10387"
}
]
},
"id": "VAR-202410-2617",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46726"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46726"
}
]
},
"last_update_date": "2024-12-21T19:23:34.691000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation ThinManager Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/634601"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46726"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
},
{
"problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-012050"
},
{
"db": "NVD",
"id": "CVE-2024-10387"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1708.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97090361/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-10387"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-305-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46726"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012050"
},
{
"db": "NVD",
"id": "CVE-2024-10387"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-46726"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012050"
},
{
"db": "NVD",
"id": "CVE-2024-10387"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46726"
},
{
"date": "2024-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-012050"
},
{
"date": "2024-10-25T17:15:04.230000",
"db": "NVD",
"id": "CVE-2024-10387"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46726"
},
{
"date": "2024-11-06T01:58:00",
"db": "JVNDB",
"id": "JVNDB-2024-012050"
},
{
"date": "2024-11-05T20:05:55.323000",
"db": "NVD",
"id": "CVE-2024-10387"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-012050"
}
],
"trust": 0.8
}
}
VAR-202410-3402
Vulnerability from variot - Updated: 2024-12-21 19:23CVE-2024-10386 IMPACT
An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation. Rockwell Automation of thinmanager Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-3402",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.3"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.8"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "14.0.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.10"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.6"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.4"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.9"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.2.0 that\u0027s all 13.2.3"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.1.0 that\u0027s all 13.1.4"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "11.2.0 that\u0027s all 11.2.10"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "14.0.0"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "12.0.0 that\u0027s all 12.0.8"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinmanager",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.0.0 that\u0027s all 13.0.6"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "12.1.0 that\u0027s all 12.1.9"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.2.0,\u003c=11.2.9"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.0.0,\u003c=12.0.7"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.1.0,\u003c=12.1.8"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.0.0,\u003c=13.0.5"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.1.0,\u003c=13.1.3"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.2.0,\u003c=13.2.2"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "14.0.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46725"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-011988"
},
{
"db": "NVD",
"id": "CVE-2024-10386"
}
]
},
"cve": "CVE-2024-10386",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-46725",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-10386",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-10386",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-10386",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-10386",
"trust": 1.0,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2024-10386",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2024-46725",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46725"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-011988"
},
{
"db": "NVD",
"id": "CVE-2024-10386"
},
{
"db": "NVD",
"id": "CVE-2024-10386"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CVE-2024-10386 IMPACT\n\n\n\nAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation. Rockwell Automation of thinmanager Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-10386"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-011988"
},
{
"db": "CNVD",
"id": "CNVD-2024-46725"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-10386",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU97090361",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-305-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-011988",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-46725",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46725"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-011988"
},
{
"db": "NVD",
"id": "CVE-2024-10386"
}
]
},
"id": "VAR-202410-3402",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46725"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46725"
}
]
},
"last_update_date": "2024-12-21T19:23:34.666000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation ThinManager Authentication Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/634596"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46725"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [ others ]",
"trust": 0.8
},
{
"problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-011988"
},
{
"db": "NVD",
"id": "CVE-2024-10386"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1708.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97090361/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-10386"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-305-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46725"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-011988"
},
{
"db": "NVD",
"id": "CVE-2024-10386"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-46725"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-011988"
},
{
"db": "NVD",
"id": "CVE-2024-10386"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46725"
},
{
"date": "2024-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-011988"
},
{
"date": "2024-10-25T17:15:03.987000",
"db": "NVD",
"id": "CVE-2024-10386"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46725"
},
{
"date": "2024-11-06T01:18:00",
"db": "JVNDB",
"id": "JVNDB-2024-011988"
},
{
"date": "2024-11-05T20:07:59.487000",
"db": "NVD",
"id": "CVE-2024-10386"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-011988"
}
],
"trust": 0.8
}
}
VAR-202406-2530
Vulnerability from variot - Updated: 2024-09-28 23:19Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202406-2530",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.3"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.8"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.8"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.5"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.7"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.8"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.2"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.9"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.3"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.8"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.7"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.5"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.2"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.9"
},
{
"model": "thinmanager",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinserver",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.2.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.0.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.0.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"cve": "CVE-2024-5989",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-38543",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-5989",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-5989",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-5989",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-5989",
"trust": 1.0,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2024-5989",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2024-38543",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-5989"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "CNVD",
"id": "CNVD-2024-38543"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-5989",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38543",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"id": "VAR-202406-2530",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
}
]
},
"last_update_date": "2024-09-28T23:19:21.041000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation ThinManager ThinServer Input Validation Error Vulnerability (CNVD-2024-38543)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/593051"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1677.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-5989"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"date": "2024-09-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"date": "2024-06-25T16:15:25.363000",
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"date": "2024-09-17T02:05:00",
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"date": "2024-09-16T12:08:03.447000",
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 and \u00a0thinserver\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
}
],
"trust": 0.8
}
}
VAR-202406-0976
Vulnerability from variot - Updated: 2024-09-28 23:00Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202406-0976",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.3"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.8"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.8"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.5"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.7"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.8"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.2"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.9"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.3"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.8"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.7"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.5"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.2"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.9"
},
{
"model": "thinmanager",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinserver",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.2.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.0.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.0.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"cve": "CVE-2024-5988",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-38544",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-5988",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-5988",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-5988",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-5988",
"trust": 1.0,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2024-5988",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2024-38544",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-5988"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "CNVD",
"id": "CNVD-2024-38544"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-5988",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU99141957",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-193-18",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38544",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"id": "VAR-202406-0976",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
}
]
},
"last_update_date": "2024-09-28T23:00:00.778000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation ThinManager ThinServer Input Validation Error Vulnerability (CNVD-2024-38544)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/593046"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1677.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99141957/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-5988"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-18"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"date": "2024-09-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"date": "2024-06-25T16:15:24.937000",
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"date": "2024-09-17T05:13:00",
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"date": "2024-09-16T12:07:20.767000",
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 and \u00a0thinserver\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
}
],
"trust": 0.8
}
}
VAR-202406-2134
Vulnerability from variot - Updated: 2024-09-28 23:00Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202406-2134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.2"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.8"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.8"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.4"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.7"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.2"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.8"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.9"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.4"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.8"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.7"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.9"
},
{
"model": "thinmanager",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinserver",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.2.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.0.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.0.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"cve": "CVE-2024-5990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-38545",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-5990",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-5990",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-5990",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-5990",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-5990",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-38545",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-5990"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "CNVD",
"id": "CNVD-2024-38545"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-5990",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU99141957",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-193-18",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38545",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"id": "VAR-202406-2134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
}
]
},
"last_update_date": "2024-09-28T23:00:00.755000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation ThinManager ThinServer Input Validation Error Vulnerability (CNVD-2024-38545)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/593041"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1677.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99141957/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-5990"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-18"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"date": "2024-09-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"date": "2024-06-25T16:15:25.470000",
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"date": "2024-09-17T04:36:00",
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"date": "2024-09-16T11:58:38.363000",
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 and \u00a0thinserver\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
}
],
"trust": 0.8
}
}
VAR-202209-1831
Vulnerability from variot - Updated: 2024-08-14 15:11Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution. Rockwell Automation Provided by the company ThinManager ThinServer is a thin client and RDP (( Remote Desktop Protocol ) server management software. ThinManager ThinServer The following vulnerabilities exist in. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of HTTPS traffic. When parsing a URI, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-1831",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.0.0"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.0.0"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "11.2.0 to 11.2.5 to"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "12.0.0 to 12.0.2 to"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "11.1.0 to 11.1.4 to"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "12.1.0 to 12.1.3 to"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "11.0.0 to 11.0.4 to"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinmanager",
"scope": null,
"trust": 0.7,
"vendor": "rockwell automation",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
}
],
"trust": 0.7
},
"cve": "CVE-2022-38742",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-38742",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-38742",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38742",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-38742",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-38742",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2022-38742",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-38742",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2022-38742",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-2416",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution. Rockwell Automation Provided by the company ThinManager ThinServer is a thin client and RDP (( Remote Desktop Protocol ) server management software. ThinManager ThinServer The following vulnerabilities exist in. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of HTTPS traffic. When parsing a URI, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web service",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "VULHUB",
"id": "VHN-434516"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38742",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-22-270-03",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU93951878",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-17482",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1302",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2416",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-434516",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "VULHUB",
"id": "VHN-434516"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"id": "VAR-202209-1831",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-434516"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:11:15.503000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "File\u00a0Parsing\u00a0XML\u00a0Entity\u00a0in\u00a0Multiple\u00a0Products (Login required) Rockwell\u00a0Automation",
"trust": 0.8,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1134596"
},
{
"title": "Rockwell Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-270-03"
},
{
"title": "Rockwell Automation ThinManager Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209163"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434516"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847"
},
{
"trust": 1.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-270-03"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93951878/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38742"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-270-03"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38742/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "VULHUB",
"id": "VHN-434516"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "VULHUB",
"id": "VHN-434516"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-28T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"date": "2022-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-434516"
},
{
"date": "2022-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"date": "2022-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2416"
},
{
"date": "2022-09-23T16:15:11.570000",
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-28T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"date": "2022-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-434516"
},
{
"date": "2024-06-13T02:16:00",
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"date": "2022-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2416"
},
{
"date": "2022-09-26T22:20:15.477000",
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 Made \u00a0ThinManager\u00a0ThinServer\u00a0 Heap-based buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
}
],
"trust": 0.6
}
}
CVE-2025-9065 (GCVE-0-2025-9065)
Vulnerability from nvd – Published: 2025-09-09 12:51 – Updated: 2025-09-09 13:23
VLAI?
Title
Rockwell Automation ThinManager® Server-Side Request Forgery Vulnerability
Summary
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash.
Severity ?
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager |
Affected:
13.0 - 14.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T13:23:19.121711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:23:24.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "13.0 - 14.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA server-side request forgery security issue exists within Rockwell Automation ThinManager\u00ae software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer\u00ae service account NTLM hash.\u003c/span\u003e"
}
],
"value": "A server-side request forgery security issue exists within Rockwell Automation ThinManager\u00ae software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer\u00ae service account NTLM hash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T12:51:42.091Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1743.html"
}
],
"source": {
"advisory": "SD1743",
"discovery": "INTERNAL"
},
"title": "Rockwell Automation ThinManager\u00ae Server-Side Request Forgery Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-9065",
"datePublished": "2025-09-09T12:51:42.091Z",
"dateReserved": "2025-08-15T13:58:23.749Z",
"dateUpdated": "2025-09-09T13:23:24.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3618 (GCVE-0-2025-3618)
Vulnerability from nvd – Published: 2025-04-15 17:19 – Updated: 2025-04-17 17:25
VLAI?
Title
Local Privilege Escalation Vulnerability
Summary
A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software.
Severity ?
CWE
- 119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager |
Affected:
v14.0.1 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T17:40:46.050596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T17:25:38.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "v14.0.1 and earlier"
}
]
}
],
"datePublic": "2025-04-15T17:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software.\u003c/span\u003e"
}
],
"value": "A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "119 - Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T17:19:53.368Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1727.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCorrected in v11.2.11, 12.0.9, 12.1.10, 13.0.7, 13.1.5, 13.2.4, 14.0.2 and later\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Corrected in v11.2.11, 12.0.9, 12.1.10, 13.0.7, 13.1.5, 13.2.4, 14.0.2 and later"
}
],
"source": {
"advisory": "SD1727",
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-3618",
"datePublished": "2025-04-15T17:19:53.368Z",
"dateReserved": "2025-04-14T23:45:33.404Z",
"dateUpdated": "2025-04-17T17:25:38.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3617 (GCVE-0-2025-3617)
Vulnerability from nvd – Published: 2025-04-15 17:17 – Updated: 2025-04-17 17:25
VLAI?
Title
Local Privilege Escalation in ThinManager®
Summary
A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit elevated privileges.
Severity ?
CWE
- 276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager® |
Affected:
14.0.0 & 14.0.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T17:39:24.435001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T17:25:03.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager\u00ae",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "14.0.0 \u0026 14.0.1"
}
]
}
],
"datePublic": "2025-04-15T17:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability exists in the Rockwell Automation ThinManager\u003c/span\u003e. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit elevated privileges."
}
],
"value": "A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "276 - Incorrect Default Permissions",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T17:17:25.324Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1727.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Corrected in v14.0.2 and later.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Corrected in v14.0.2 and later."
}
],
"source": {
"advisory": "SD1727",
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in ThinManager\u00ae",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-3617",
"datePublished": "2025-04-15T17:17:25.324Z",
"dateReserved": "2025-04-14T23:45:31.896Z",
"dateUpdated": "2025-04-17T17:25:03.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10387 (GCVE-0-2024-10387)
Vulnerability from nvd – Published: 2024-10-25 17:04 – Updated: 2024-10-25 20:14
VLAI?
Title
Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability
Summary
CVE-2024-10387 IMPACT
A Denial-of-Service
vulnerability exists in the affected product. The vulnerability could allow a
threat actor with network access to send crafted messages to the device,
potentially resulting in Denial-of-Service.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | FactoryTalk ThinManager |
Affected:
11.2.0-11.2.9
Affected: 12.0.0-12.0.7 Affected: 12.1.0-12.1.8 Affected: 13.0.0-13.0.5 Affected: 13.1.0-13.1.3 Affected: 13.2.0-13.2.2 Affected: 14.0.0 |
Credits
Tenable Network Security
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.0.5",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.1.3",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T20:10:20.475990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T20:14:03.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FactoryTalk ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.2.0-11.2.9"
},
{
"status": "affected",
"version": "12.0.0-12.0.7"
},
{
"status": "affected",
"version": "12.1.0-12.1.8"
},
{
"status": "affected",
"version": "13.0.0-13.0.5"
},
{
"status": "affected",
"version": "13.1.0-13.1.3"
},
{
"status": "affected",
"version": "13.2.0-13.2.2"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tenable Network Security"
}
],
"datePublic": "2024-10-25T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cb\u003e\u003cu\u003eCVE-2024-10387 IMPACT\u003c/u\u003e\u003c/b\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e\n\n\u003cp\u003eA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service.\u003c/p\u003e"
}
],
"value": "CVE-2024-10387 IMPACT\n\n\n\nA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T17:04:36.334Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: var(--wht);\"\u003eIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003e11.2.10\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.0.8\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.1.9\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e13.0.6 \u003c/p\u003e\n\n\n\n\u003cp\u003e13.1.4 \u003c/p\u003e\n\n\n\n\u003cp\u003e13.2.3 \u003c/p\u003e\n\n\n\n\u003cp\u003e14.0.1\u003c/p\u003e\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "If able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n11.2.10\n\n\n\n\n\n12.0.8\n\n\n\n\n\n12.1.9\n\n\n\n\n\n13.0.6 \n\n\n\n\n\n13.1.4 \n\n\n\n\n\n13.2.3 \n\n\n\n\n\n14.0.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\u003c/p\u003e\u003cp\u003eImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\u003c/p\u003e\n\n\n\n\u003cp\u003eFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best\npractices\u003c/a\u003e to\nminimize the risk of the vulnerability.\u003c/p\u003e"
}
],
"value": "If able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\n\n\n\n\n\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested security best\npractices to\nminimize the risk of the vulnerability."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-10387",
"datePublished": "2024-10-25T17:04:36.334Z",
"dateReserved": "2024-10-25T12:38:30.428Z",
"dateUpdated": "2024-10-25T20:14:03.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10386 (GCVE-0-2024-10386)
Vulnerability from nvd – Published: 2024-10-25 17:04 – Updated: 2024-10-25 20:17
VLAI?
Title
Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability
Summary
CVE-2024-10386 IMPACT
An authentication
vulnerability exists in the affected product. The vulnerability could allow a
threat actor with network access to send crafted messages to the device, potentially
resulting in database manipulation.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | FactoryTalk ThinManager |
Affected:
11.2.0-11.2.9
Affected: 12.0.0-12.0.7 Affected: 12.1.0-12.1.8 Affected: 13.0.0-13.0.5 Affected: 13.1.0-13.1.3 Affected: 13.2.0-13.2.2 Affected: 14.0.0 |
Credits
Tenable Network Security
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.0.5",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.1.3",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T20:14:39.256573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T20:17:55.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FactoryTalk ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.2.0-11.2.9"
},
{
"status": "affected",
"version": "12.0.0-12.0.7"
},
{
"status": "affected",
"version": "12.1.0-12.1.8"
},
{
"status": "affected",
"version": "13.0.0-13.0.5"
},
{
"status": "affected",
"version": "13.1.0-13.1.3"
},
{
"status": "affected",
"version": "13.2.0-13.2.2"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tenable Network Security"
}
],
"datePublic": "2024-10-25T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cb\u003e\u003cu\u003eCVE-2024-10386 IMPACT\u003c/u\u003e\u003c/b\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e\n\n\u003cp\u003eAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation.\u003c/p\u003e"
}
],
"value": "CVE-2024-10386 IMPACT\n\n\n\nAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T17:04:34.000Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: var(--wht);\"\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003e11.2.10\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.0.8\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.1.9\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e13.0.6\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e13.1.4\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e13.2.3\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e14.0.1\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nIf able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n11.2.10\n\n\n\n\n\n12.0.8\n\n\n\n\n\n12.1.9\n\n\n\n\n\n13.0.6\u00a0\n\n\n\n\n\n13.1.4\u00a0\n\n\n\n\n\n13.2.3\u00a0\n\n\n\n\n\n14.0.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best\npractices\u003c/a\u003e to\nminimize the risk of the vulnerability.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nIf able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested security best\npractices to\nminimize the risk of the vulnerability."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-10386",
"datePublished": "2024-10-25T17:04:34.000Z",
"dateReserved": "2024-10-25T12:38:28.748Z",
"dateUpdated": "2024-10-25T20:17:55.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45826 (GCVE-0-2024-45826)
Vulnerability from nvd – Published: 2024-09-12 14:33 – Updated: 2024-09-12 14:58
VLAI?
Title
ThinManager® Code Execution Vulnerability
Summary
CVE-2024-45826 IMPACT
Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.
Severity ?
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Rockwell Automation | ThinManager |
Affected:
13.1.0-13.1.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "13.1.3",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:57:00.839917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:58:34.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "13.1.0-13.1.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "13.2.0-13.2.1"
}
]
}
],
"datePublic": "2024-09-12T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CVE-2024-45826 IMPACT\u003cbr\u003eDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager\u00ae processes a crafted POST request. If exploited, a user can install an executable file.\u003cbr\u003e"
}
],
"value": "CVE-2024-45826 IMPACT\nDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager\u00ae processes a crafted POST request. If exploited, a user can install an executable file."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:33:44.373Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1700.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to V13.1.3 or V13.2.2"
}
],
"value": "Upgrade to V13.1.3 or V13.2.2"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ThinManager\u00ae Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-45826",
"datePublished": "2024-09-12T14:33:44.373Z",
"dateReserved": "2024-09-09T19:33:02.444Z",
"dateUpdated": "2024-09-12T14:58:34.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7986 (GCVE-0-2024-7986)
Vulnerability from nvd – Published: 2024-08-23 11:51 – Updated: 2024-08-28 16:21
VLAI?
Title
Rockwell Automation ThinManager® ThinServer™ Information Disclosure
Summary
A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager® ThinServer™ |
Affected:
11.1.0-11.1.7 11.2.0-11.2.8 12.0.0-12.0.6 12.1.0-12.1.7 13.0.0-13.0.4 13.1.0-13.1.2 13.2.0-13.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T16:20:54.169556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T16:21:02.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager\u00ae ThinServer\u2122",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.1.0-11.1.7 11.2.0-11.2.8 12.0.0-12.0.6 12.1.0-12.1.7 13.0.0-13.0.4 13.1.0-13.1.2 13.2.0-13.2.1"
}
]
}
],
"datePublic": "2024-08-22T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in the Rockwell Automation\u0026nbsp;\u003c/span\u003eThinManager\u00ae ThinServer\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethat allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer\u2122 service to read arbitrary files by creating a junction that points to the target directory.\u003c/span\u003e"
}
],
"value": "A vulnerability exists in the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u00a0that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer\u2122 service to read arbitrary files by creating a junction that points to the target directory."
}
],
"impacts": [
{
"capecId": "CAPEC-576",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-576 Group Permission Footprinting"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T11:51:55.080Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1692.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eThinManager\u00ae ThinServer\u2122\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0-11.1.7\u003cbr\u003e11.2.0-11.2.8\u003cbr\u003e12.0.0-12.0.6\u003cbr\u003e12.1.0-12.1.7\u003cbr\u003e13.0.0-13.0.4\u003cbr\u003e13.1.0-13.1.2\u003cbr\u003e13.2.0-13.2.1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.8\u003c/p\u003e\u003cp\u003e11.2.9\u003c/p\u003e\u003cp\u003e12.0.7\u003c/p\u003e\u003cp\u003e12.1.8\u003c/p\u003e\u003cp\u003e13.0.5\u003c/p\u003e\u003cp\u003e13.1.3\u003c/p\u003e\u003cp\u003e13.2.2\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eMitigations and Workarounds\u003c/b\u003e\u003c/p\u003e\u003cp\u003eCustomers using the affected software are encouraged to implement our suggested security best practices to minimize the risk of vulnerability.\u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Affected Product\n\nFirst Known in software version\n\nCorrected in software version\n\nThinManager\u00ae ThinServer\u2122\n\n11.1.0-11.1.7\n11.2.0-11.2.8\n12.0.0-12.0.6\n12.1.0-12.1.7\n13.0.0-13.0.4\n13.1.0-13.1.2\n13.2.0-13.2.1\n\n11.1.8\n\n11.2.9\n\n12.0.7\n\n12.1.8\n\n13.0.5\n\n13.1.3\n\n13.2.2\n\n\nMitigations and Workarounds\n\nCustomers using the affected software are encouraged to implement our suggested security best practices to minimize the risk of vulnerability.\n\n\u00b7 \u00a0 \u00a0 \u00a0 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"advisory": "SD1692",
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ThinManager\u00ae ThinServer\u2122 Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-7986",
"datePublished": "2024-08-23T11:51:55.080Z",
"dateReserved": "2024-08-19T20:06:24.873Z",
"dateUpdated": "2024-08-28T16:21:02.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5990 (GCVE-0-2024-5990)
Vulnerability from nvd – Published: 2024-06-25 16:11 – Updated: 2025-08-27 20:42
VLAI?
Title
ThinManager® ThinServer™ Improper Input Validation Vulnerability
Summary
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager® ThinServer™ |
Affected:
11.1.0
Affected: 11.2.0 Affected: 12.0.0 Affected: 12.1.0 Affected: 13.0.0 Affected: 13.1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:48:23.344377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:59.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager\u00ae ThinServer\u2122",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"datePublic": "2024-06-25T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device. \u003c/span\u003e\n\n"
}
],
"value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T16:11:01.407Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n \u003cb\u003e\u003c/b\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCVE\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version (\u003cb\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eAvailable Here\u003c/a\u003e\u003c/b\u003e)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"2\"\u003e\u003cp\u003e\u003cb\u003eThinManager\u00ae ThinServer\u2122\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e2024-5988\u003c/p\u003e\u003cp\u003e2024-5989\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003cp\u003e13.2.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.5\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.2.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e2024-5990\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.4\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cb\u003e\n\n\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u00b7Update to the corrected software versions via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eThinManager\u00ae Downloads Site\u003c/a\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u00b7Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u00b7 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/b\u003e\u003c/p\u003e\u003cb\u003e\n\n\u003c/b\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7Update to the corrected software versions via the ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ThinManager\u00ae ThinServer\u2122 Improper Input Validation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-5990",
"datePublished": "2024-06-25T16:11:01.407Z",
"dateReserved": "2024-06-13T20:56:10.603Z",
"dateUpdated": "2025-08-27T20:42:59.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5989 (GCVE-0-2024-5989)
Vulnerability from nvd – Published: 2024-06-25 16:01 – Updated: 2025-08-27 20:42
VLAI?
Title
Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
Summary
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager® ThinServer™ |
Affected:
11.0.0
Affected: 11.2.0 Affected: 12.0.0 Affected: 12.1.0 Affected: 13.0.0 Affected: 13.1.0 Affected: 13.2.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T17:42:47.931940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:59.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager\u00ae ThinServer\u2122",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "13.1.0"
},
{
"status": "affected",
"version": "13.2.0"
}
]
}
],
"datePublic": "2024-06-25T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation\u0026nbsp;ThinManager\u00ae ThinServer\u2122.\u003c/span\u003e"
}
],
"value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T16:01:39.103Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCVE\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version (\u003cb\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eAvailable Here\u003c/a\u003e\u003c/b\u003e)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"2\"\u003e\u003cp\u003e\u003cb\u003eThinManager\u00ae ThinServer\u2122\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e2024-5988\u003c/p\u003e\u003cp\u003e2024-5989\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003cp\u003e13.2.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.5\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.2.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e2024-5990\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.4\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003cp\u003eCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\u003c/p\u003e\u003cp\u003e\u00b7 Update to the corrected software versions via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eThinManager\u00ae Downloads Site\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\u003c/p\u003e\u003cp\u003e\u00b7 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7 Update to the corrected software versions via the ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ThinManager\u00ae ThinServer\u2122 Improper Input Validation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-5989",
"datePublished": "2024-06-25T16:01:39.103Z",
"dateReserved": "2024-06-13T20:56:09.876Z",
"dateUpdated": "2025-08-27T20:42:59.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5988 (GCVE-0-2024-5988)
Vulnerability from nvd – Published: 2024-06-25 15:53 – Updated: 2025-08-27 20:42
VLAI?
Title
Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
Summary
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager® ThinServer™ |
Affected:
11.1.0
Affected: 11.2.0 Affected: 12.0.0 Affected: 12.1.0 Affected: 13.0.0 Affected: 13.1.0 Affected: 13.2.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:49:49.088552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:59.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager\u00ae ThinServer\u2122",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "13.1.0"
},
{
"status": "affected",
"version": "13.2.0"
}
]
}
],
"datePublic": "2024-06-25T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThinManager\u00ae ThinServer\u2122.\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T16:03:05.556Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCVE\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version (\u003cb\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eAvailable Here\u003c/a\u003e\u003c/b\u003e)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"2\"\u003e\u003cp\u003e\u003cb\u003eThinManager\u00ae ThinServer\u2122\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e2024-5988\u003c/p\u003e\u003cp\u003e2024-5989\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003cp\u003e13.2.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.5\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.2.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e2024-5990\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.4\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003cp\u003eCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\u003c/p\u003e\u003cp\u003e\u00b7 Update to the corrected software versions via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eThinManager\u00ae Downloads Site\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\u003c/p\u003e\u003cp\u003e\u00b7 Security\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003e\u0026nbsp;Best Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u0026nbsp;\u003c/b\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7 Update to the corrected software versions via the ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7 Security \u00a0Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ThinManager\u00ae ThinServer\u2122 Improper Input Validation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-5988",
"datePublished": "2024-06-25T15:53:33.899Z",
"dateReserved": "2024-06-13T20:56:08.636Z",
"dateUpdated": "2025-08-27T20:42:59.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2913 (GCVE-0-2023-2913)
Vulnerability from nvd – Published: 2023-07-18 19:52 – Updated: 2025-03-05 18:48
VLAI?
Title
Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability
Summary
An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server’s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.
Severity ?
7.5 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
13.0.0 - 13.0.2
Affected: 13.1.0 |
Credits
Sven Krewitt from Flashpoint.io reported this vulnerability to Rockwell Automation
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140160"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:38:36.636854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:48:42.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sven Krewitt from Flashpoint.io reported this vulnerability to Rockwell Automation"
}
],
"datePublic": "2023-07-18T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server\u2019s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.\u003c/span\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nAn executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server\u2019s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 API Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T19:55:22.920Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140160"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\u003cul\u003e\u003cli\u003eUpdate to the corrected software versions\u003c/li\u003e\u003c/ul\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n * Update to the corrected software versions\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-2913",
"datePublished": "2023-07-18T19:52:45.214Z",
"dateReserved": "2023-05-26T13:21:35.457Z",
"dateUpdated": "2025-03-05T18:48:42.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9065 (GCVE-0-2025-9065)
Vulnerability from cvelistv5 – Published: 2025-09-09 12:51 – Updated: 2025-09-09 13:23
VLAI?
Title
Rockwell Automation ThinManager® Server-Side Request Forgery Vulnerability
Summary
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash.
Severity ?
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager |
Affected:
13.0 - 14.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T13:23:19.121711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:23:24.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "13.0 - 14.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA server-side request forgery security issue exists within Rockwell Automation ThinManager\u00ae software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer\u00ae service account NTLM hash.\u003c/span\u003e"
}
],
"value": "A server-side request forgery security issue exists within Rockwell Automation ThinManager\u00ae software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer\u00ae service account NTLM hash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T12:51:42.091Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1743.html"
}
],
"source": {
"advisory": "SD1743",
"discovery": "INTERNAL"
},
"title": "Rockwell Automation ThinManager\u00ae Server-Side Request Forgery Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-9065",
"datePublished": "2025-09-09T12:51:42.091Z",
"dateReserved": "2025-08-15T13:58:23.749Z",
"dateUpdated": "2025-09-09T13:23:24.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3618 (GCVE-0-2025-3618)
Vulnerability from cvelistv5 – Published: 2025-04-15 17:19 – Updated: 2025-04-17 17:25
VLAI?
Title
Local Privilege Escalation Vulnerability
Summary
A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software.
Severity ?
CWE
- 119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager |
Affected:
v14.0.1 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T17:40:46.050596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T17:25:38.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "v14.0.1 and earlier"
}
]
}
],
"datePublic": "2025-04-15T17:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software.\u003c/span\u003e"
}
],
"value": "A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "119 - Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T17:19:53.368Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1727.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCorrected in v11.2.11, 12.0.9, 12.1.10, 13.0.7, 13.1.5, 13.2.4, 14.0.2 and later\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Corrected in v11.2.11, 12.0.9, 12.1.10, 13.0.7, 13.1.5, 13.2.4, 14.0.2 and later"
}
],
"source": {
"advisory": "SD1727",
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-3618",
"datePublished": "2025-04-15T17:19:53.368Z",
"dateReserved": "2025-04-14T23:45:33.404Z",
"dateUpdated": "2025-04-17T17:25:38.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3617 (GCVE-0-2025-3617)
Vulnerability from cvelistv5 – Published: 2025-04-15 17:17 – Updated: 2025-04-17 17:25
VLAI?
Title
Local Privilege Escalation in ThinManager®
Summary
A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit elevated privileges.
Severity ?
CWE
- 276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager® |
Affected:
14.0.0 & 14.0.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T17:39:24.435001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T17:25:03.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager\u00ae",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "14.0.0 \u0026 14.0.1"
}
]
}
],
"datePublic": "2025-04-15T17:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability exists in the Rockwell Automation ThinManager\u003c/span\u003e. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit elevated privileges."
}
],
"value": "A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "276 - Incorrect Default Permissions",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T17:17:25.324Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1727.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Corrected in v14.0.2 and later.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Corrected in v14.0.2 and later."
}
],
"source": {
"advisory": "SD1727",
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in ThinManager\u00ae",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-3617",
"datePublished": "2025-04-15T17:17:25.324Z",
"dateReserved": "2025-04-14T23:45:31.896Z",
"dateUpdated": "2025-04-17T17:25:03.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10387 (GCVE-0-2024-10387)
Vulnerability from cvelistv5 – Published: 2024-10-25 17:04 – Updated: 2024-10-25 20:14
VLAI?
Title
Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability
Summary
CVE-2024-10387 IMPACT
A Denial-of-Service
vulnerability exists in the affected product. The vulnerability could allow a
threat actor with network access to send crafted messages to the device,
potentially resulting in Denial-of-Service.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | FactoryTalk ThinManager |
Affected:
11.2.0-11.2.9
Affected: 12.0.0-12.0.7 Affected: 12.1.0-12.1.8 Affected: 13.0.0-13.0.5 Affected: 13.1.0-13.1.3 Affected: 13.2.0-13.2.2 Affected: 14.0.0 |
Credits
Tenable Network Security
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.0.5",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.1.3",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T20:10:20.475990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T20:14:03.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FactoryTalk ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.2.0-11.2.9"
},
{
"status": "affected",
"version": "12.0.0-12.0.7"
},
{
"status": "affected",
"version": "12.1.0-12.1.8"
},
{
"status": "affected",
"version": "13.0.0-13.0.5"
},
{
"status": "affected",
"version": "13.1.0-13.1.3"
},
{
"status": "affected",
"version": "13.2.0-13.2.2"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tenable Network Security"
}
],
"datePublic": "2024-10-25T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cb\u003e\u003cu\u003eCVE-2024-10387 IMPACT\u003c/u\u003e\u003c/b\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e\n\n\u003cp\u003eA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service.\u003c/p\u003e"
}
],
"value": "CVE-2024-10387 IMPACT\n\n\n\nA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T17:04:36.334Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: var(--wht);\"\u003eIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003e11.2.10\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.0.8\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.1.9\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e13.0.6 \u003c/p\u003e\n\n\n\n\u003cp\u003e13.1.4 \u003c/p\u003e\n\n\n\n\u003cp\u003e13.2.3 \u003c/p\u003e\n\n\n\n\u003cp\u003e14.0.1\u003c/p\u003e\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "If able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n11.2.10\n\n\n\n\n\n12.0.8\n\n\n\n\n\n12.1.9\n\n\n\n\n\n13.0.6 \n\n\n\n\n\n13.1.4 \n\n\n\n\n\n13.2.3 \n\n\n\n\n\n14.0.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\u003c/p\u003e\u003cp\u003eImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\u003c/p\u003e\n\n\n\n\u003cp\u003eFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best\npractices\u003c/a\u003e to\nminimize the risk of the vulnerability.\u003c/p\u003e"
}
],
"value": "If able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\n\n\n\n\n\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested security best\npractices to\nminimize the risk of the vulnerability."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-10387",
"datePublished": "2024-10-25T17:04:36.334Z",
"dateReserved": "2024-10-25T12:38:30.428Z",
"dateUpdated": "2024-10-25T20:14:03.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10386 (GCVE-0-2024-10386)
Vulnerability from cvelistv5 – Published: 2024-10-25 17:04 – Updated: 2024-10-25 20:17
VLAI?
Title
Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability
Summary
CVE-2024-10386 IMPACT
An authentication
vulnerability exists in the affected product. The vulnerability could allow a
threat actor with network access to send crafted messages to the device, potentially
resulting in database manipulation.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | FactoryTalk ThinManager |
Affected:
11.2.0-11.2.9
Affected: 12.0.0-12.0.7 Affected: 12.1.0-12.1.8 Affected: 13.0.0-13.0.5 Affected: 13.1.0-13.1.3 Affected: 13.2.0-13.2.2 Affected: 14.0.0 |
Credits
Tenable Network Security
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.0.5",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.1.3",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T20:14:39.256573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T20:17:55.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FactoryTalk ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.2.0-11.2.9"
},
{
"status": "affected",
"version": "12.0.0-12.0.7"
},
{
"status": "affected",
"version": "12.1.0-12.1.8"
},
{
"status": "affected",
"version": "13.0.0-13.0.5"
},
{
"status": "affected",
"version": "13.1.0-13.1.3"
},
{
"status": "affected",
"version": "13.2.0-13.2.2"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tenable Network Security"
}
],
"datePublic": "2024-10-25T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cb\u003e\u003cu\u003eCVE-2024-10386 IMPACT\u003c/u\u003e\u003c/b\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e\n\n\u003cp\u003eAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation.\u003c/p\u003e"
}
],
"value": "CVE-2024-10386 IMPACT\n\n\n\nAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T17:04:34.000Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: var(--wht);\"\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003e11.2.10\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.0.8\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e12.1.9\u003cbr\u003e\n\u003c/p\u003e\n\n\u003cp\u003e13.0.6\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e13.1.4\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e13.2.3\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e14.0.1\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nIf able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n11.2.10\n\n\n\n\n\n12.0.8\n\n\n\n\n\n12.1.9\n\n\n\n\n\n13.0.6\u00a0\n\n\n\n\n\n13.1.4\u00a0\n\n\n\n\n\n13.2.3\u00a0\n\n\n\n\n\n14.0.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nIf able,\nnavigate to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\"\u003eThinManager\u00ae download site\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e and upgrade to a corrected version of ThinManager\u00ae\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best\npractices\u003c/a\u003e to\nminimize the risk of the vulnerability.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nIf able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested security best\npractices to\nminimize the risk of the vulnerability."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-10386",
"datePublished": "2024-10-25T17:04:34.000Z",
"dateReserved": "2024-10-25T12:38:28.748Z",
"dateUpdated": "2024-10-25T20:17:55.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45826 (GCVE-0-2024-45826)
Vulnerability from cvelistv5 – Published: 2024-09-12 14:33 – Updated: 2024-09-12 14:58
VLAI?
Title
ThinManager® Code Execution Vulnerability
Summary
CVE-2024-45826 IMPACT
Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.
Severity ?
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Rockwell Automation | ThinManager |
Affected:
13.1.0-13.1.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "13.1.3",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:57:00.839917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:58:34.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "13.1.0-13.1.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "13.2.0-13.2.1"
}
]
}
],
"datePublic": "2024-09-12T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CVE-2024-45826 IMPACT\u003cbr\u003eDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager\u00ae processes a crafted POST request. If exploited, a user can install an executable file.\u003cbr\u003e"
}
],
"value": "CVE-2024-45826 IMPACT\nDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager\u00ae processes a crafted POST request. If exploited, a user can install an executable file."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:33:44.373Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1700.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to V13.1.3 or V13.2.2"
}
],
"value": "Upgrade to V13.1.3 or V13.2.2"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ThinManager\u00ae Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-45826",
"datePublished": "2024-09-12T14:33:44.373Z",
"dateReserved": "2024-09-09T19:33:02.444Z",
"dateUpdated": "2024-09-12T14:58:34.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7986 (GCVE-0-2024-7986)
Vulnerability from cvelistv5 – Published: 2024-08-23 11:51 – Updated: 2024-08-28 16:21
VLAI?
Title
Rockwell Automation ThinManager® ThinServer™ Information Disclosure
Summary
A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager® ThinServer™ |
Affected:
11.1.0-11.1.7 11.2.0-11.2.8 12.0.0-12.0.6 12.1.0-12.1.7 13.0.0-13.0.4 13.1.0-13.1.2 13.2.0-13.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T16:20:54.169556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T16:21:02.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager\u00ae ThinServer\u2122",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.1.0-11.1.7 11.2.0-11.2.8 12.0.0-12.0.6 12.1.0-12.1.7 13.0.0-13.0.4 13.1.0-13.1.2 13.2.0-13.2.1"
}
]
}
],
"datePublic": "2024-08-22T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in the Rockwell Automation\u0026nbsp;\u003c/span\u003eThinManager\u00ae ThinServer\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethat allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer\u2122 service to read arbitrary files by creating a junction that points to the target directory.\u003c/span\u003e"
}
],
"value": "A vulnerability exists in the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u00a0that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer\u2122 service to read arbitrary files by creating a junction that points to the target directory."
}
],
"impacts": [
{
"capecId": "CAPEC-576",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-576 Group Permission Footprinting"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T11:51:55.080Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1692.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eThinManager\u00ae ThinServer\u2122\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0-11.1.7\u003cbr\u003e11.2.0-11.2.8\u003cbr\u003e12.0.0-12.0.6\u003cbr\u003e12.1.0-12.1.7\u003cbr\u003e13.0.0-13.0.4\u003cbr\u003e13.1.0-13.1.2\u003cbr\u003e13.2.0-13.2.1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.8\u003c/p\u003e\u003cp\u003e11.2.9\u003c/p\u003e\u003cp\u003e12.0.7\u003c/p\u003e\u003cp\u003e12.1.8\u003c/p\u003e\u003cp\u003e13.0.5\u003c/p\u003e\u003cp\u003e13.1.3\u003c/p\u003e\u003cp\u003e13.2.2\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eMitigations and Workarounds\u003c/b\u003e\u003c/p\u003e\u003cp\u003eCustomers using the affected software are encouraged to implement our suggested security best practices to minimize the risk of vulnerability.\u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Affected Product\n\nFirst Known in software version\n\nCorrected in software version\n\nThinManager\u00ae ThinServer\u2122\n\n11.1.0-11.1.7\n11.2.0-11.2.8\n12.0.0-12.0.6\n12.1.0-12.1.7\n13.0.0-13.0.4\n13.1.0-13.1.2\n13.2.0-13.2.1\n\n11.1.8\n\n11.2.9\n\n12.0.7\n\n12.1.8\n\n13.0.5\n\n13.1.3\n\n13.2.2\n\n\nMitigations and Workarounds\n\nCustomers using the affected software are encouraged to implement our suggested security best practices to minimize the risk of vulnerability.\n\n\u00b7 \u00a0 \u00a0 \u00a0 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"advisory": "SD1692",
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ThinManager\u00ae ThinServer\u2122 Information Disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-7986",
"datePublished": "2024-08-23T11:51:55.080Z",
"dateReserved": "2024-08-19T20:06:24.873Z",
"dateUpdated": "2024-08-28T16:21:02.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5990 (GCVE-0-2024-5990)
Vulnerability from cvelistv5 – Published: 2024-06-25 16:11 – Updated: 2025-08-27 20:42
VLAI?
Title
ThinManager® ThinServer™ Improper Input Validation Vulnerability
Summary
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager® ThinServer™ |
Affected:
11.1.0
Affected: 11.2.0 Affected: 12.0.0 Affected: 12.1.0 Affected: 13.0.0 Affected: 13.1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:48:23.344377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:59.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager\u00ae ThinServer\u2122",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"datePublic": "2024-06-25T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device. \u003c/span\u003e\n\n"
}
],
"value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T16:11:01.407Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n \u003cb\u003e\u003c/b\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCVE\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version (\u003cb\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eAvailable Here\u003c/a\u003e\u003c/b\u003e)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"2\"\u003e\u003cp\u003e\u003cb\u003eThinManager\u00ae ThinServer\u2122\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e2024-5988\u003c/p\u003e\u003cp\u003e2024-5989\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003cp\u003e13.2.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.5\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.2.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e2024-5990\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.4\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cb\u003e\n\n\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u00b7Update to the corrected software versions via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eThinManager\u00ae Downloads Site\u003c/a\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u00b7Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u00b7 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/b\u003e\u003c/p\u003e\u003cb\u003e\n\n\u003c/b\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7Update to the corrected software versions via the ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ThinManager\u00ae ThinServer\u2122 Improper Input Validation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-5990",
"datePublished": "2024-06-25T16:11:01.407Z",
"dateReserved": "2024-06-13T20:56:10.603Z",
"dateUpdated": "2025-08-27T20:42:59.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5989 (GCVE-0-2024-5989)
Vulnerability from cvelistv5 – Published: 2024-06-25 16:01 – Updated: 2025-08-27 20:42
VLAI?
Title
Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
Summary
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager® ThinServer™ |
Affected:
11.0.0
Affected: 11.2.0 Affected: 12.0.0 Affected: 12.1.0 Affected: 13.0.0 Affected: 13.1.0 Affected: 13.2.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T17:42:47.931940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:59.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager\u00ae ThinServer\u2122",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "13.1.0"
},
{
"status": "affected",
"version": "13.2.0"
}
]
}
],
"datePublic": "2024-06-25T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation\u0026nbsp;ThinManager\u00ae ThinServer\u2122.\u003c/span\u003e"
}
],
"value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T16:01:39.103Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCVE\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version (\u003cb\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eAvailable Here\u003c/a\u003e\u003c/b\u003e)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"2\"\u003e\u003cp\u003e\u003cb\u003eThinManager\u00ae ThinServer\u2122\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e2024-5988\u003c/p\u003e\u003cp\u003e2024-5989\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003cp\u003e13.2.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.5\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.2.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e2024-5990\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.4\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003cp\u003eCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\u003c/p\u003e\u003cp\u003e\u00b7 Update to the corrected software versions via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eThinManager\u00ae Downloads Site\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\u003c/p\u003e\u003cp\u003e\u00b7 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7 Update to the corrected software versions via the ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ThinManager\u00ae ThinServer\u2122 Improper Input Validation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-5989",
"datePublished": "2024-06-25T16:01:39.103Z",
"dateReserved": "2024-06-13T20:56:09.876Z",
"dateUpdated": "2025-08-27T20:42:59.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5988 (GCVE-0-2024-5988)
Vulnerability from cvelistv5 – Published: 2024-06-25 15:53 – Updated: 2025-08-27 20:42
VLAI?
Title
Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
Summary
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager® ThinServer™ |
Affected:
11.1.0
Affected: 11.2.0 Affected: 12.0.0 Affected: 12.1.0 Affected: 13.0.0 Affected: 13.1.0 Affected: 13.2.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:49:49.088552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:59.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager\u00ae ThinServer\u2122",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "13.1.0"
},
{
"status": "affected",
"version": "13.2.0"
}
]
}
],
"datePublic": "2024-06-25T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThinManager\u00ae ThinServer\u2122.\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T16:03:05.556Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCVE\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version (\u003cb\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eAvailable Here\u003c/a\u003e\u003c/b\u003e)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"2\"\u003e\u003cp\u003e\u003cb\u003eThinManager\u00ae ThinServer\u2122\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e2024-5988\u003c/p\u003e\u003cp\u003e2024-5989\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003cp\u003e13.2.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.5\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.2.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e2024-5990\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.4\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003cp\u003eCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\u003c/p\u003e\u003cp\u003e\u00b7 Update to the corrected software versions via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eThinManager\u00ae Downloads Site\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\u003c/p\u003e\u003cp\u003e\u00b7 Security\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003e\u0026nbsp;Best Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u0026nbsp;\u003c/b\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7 Update to the corrected software versions via the ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7 Security \u00a0Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ThinManager\u00ae ThinServer\u2122 Improper Input Validation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-5988",
"datePublished": "2024-06-25T15:53:33.899Z",
"dateReserved": "2024-06-13T20:56:08.636Z",
"dateUpdated": "2025-08-27T20:42:59.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2913 (GCVE-0-2023-2913)
Vulnerability from cvelistv5 – Published: 2023-07-18 19:52 – Updated: 2025-03-05 18:48
VLAI?
Title
Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability
Summary
An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server’s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.
Severity ?
7.5 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
13.0.0 - 13.0.2
Affected: 13.1.0 |
Credits
Sven Krewitt from Flashpoint.io reported this vulnerability to Rockwell Automation
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140160"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:38:36.636854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:48:42.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sven Krewitt from Flashpoint.io reported this vulnerability to Rockwell Automation"
}
],
"datePublic": "2023-07-18T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server\u2019s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.\u003c/span\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nAn executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server\u2019s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 API Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T19:55:22.920Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140160"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\u003cul\u003e\u003cli\u003eUpdate to the corrected software versions\u003c/li\u003e\u003c/ul\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n * Update to the corrected software versions\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-2913",
"datePublished": "2023-07-18T19:52:45.214Z",
"dateReserved": "2023-05-26T13:21:35.457Z",
"dateUpdated": "2025-03-05T18:48:42.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}