Vulnerability-Lookup

VAR-202406-2134

Vulnerability from variot - Updated: 2024-09-28 23:00

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202406-2134",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.2"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.8"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.8"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.0"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.4"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.7"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.0"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.2"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.8"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.0"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.9"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.4"
      },
      {
        "model": "thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.0"
      },
      {
        "model": "thinmanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.8"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.7"
      },
      {
        "model": "thinmanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.0"
      },
      {
        "model": "thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.9"
      },
      {
        "model": "thinmanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "thinserver",
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.1.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.2.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.0.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.1.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.0.0"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.1.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "cve": "CVE-2024-5990",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2024-38545",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2024-5990",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2024-5990",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2024-5990",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "PSIRT@rockwellautomation.com",
            "id": "CVE-2024-5990",
            "trust": 1.0,
            "value": "High"
          },
          {
            "author": "NVD",
            "id": "CVE-2024-5990",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-38545",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-5990",
        "trust": 3.2
      },
      {
        "db": "JVN",
        "id": "JVNVU99141957",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-193-18",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "id": "VAR-202406-2134",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      }
    ]
  },
  "last_update_date": "2024-09-28T23:00:00.755000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Rockwell Automation ThinManager ThinServer Input Validation Error Vulnerability (CNVD-2024-38545)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/593041"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1677.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99141957/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-5990"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-18"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "date": "2024-09-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "date": "2024-06-25T16:15:25.470000",
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-38545"
      },
      {
        "date": "2024-09-17T04:36:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      },
      {
        "date": "2024-09-16T11:58:38.363000",
        "db": "NVD",
        "id": "CVE-2024-5990"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 and \u00a0thinserver\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008066"
      }
    ],
    "trust": 0.8
  }
}

CVE-2024-5990 (GCVE-0-2024-5990)

Vulnerability from cvelistv5 – Published: 2024-06-25 16:11 – Updated: 2025-08-27 20:42

Title

ThinManager® ThinServer™ Improper Input Validation Vulnerability

Summary

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-20 - Improper Input Validation

Assigner

Rockwell

References

URL

Tags

https://www.rockwellautomation.com/en-us/trust-ce…

Impacted products

	Vendor	Product	Version
	Rockwell Automation	ThinManager® ThinServer™	Affected: 11.1.0 Affected: 11.2.0 Affected: 12.0.0 Affected: 12.1.0 Affected: 13.0.0 Affected: 13.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "11.1.8",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.2.9",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.7",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1.8",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "11.1.8",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.2.9",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.7",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1.8",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "11.1.8",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.2.9",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.7",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1.8",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "11.1.8",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.2.9",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.7",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1.8",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "11.1.8",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.2.9",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.7",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1.8",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "11.1.8",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.2.9",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.7",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1.8",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T13:48:23.344377Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T20:42:59.671Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.210Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThinManager\u00ae ThinServer\u2122",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "11.1.0"
            },
            {
              "status": "affected",
              "version": "11.2.0"
            },
            {
              "status": "affected",
              "version": "12.0.0"
            },
            {
              "status": "affected",
              "version": "12.1.0"
            },
            {
              "status": "affected",
              "version": "13.0.0"
            },
            {
              "status": "affected",
              "version": "13.1.0"
            }
          ]
        }
      ],
      "datePublic": "2024-06-25T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device. \u003c/span\u003e\n\n"
            }
          ],
          "value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-25T16:11:01.407Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n \u003cb\u003e\u003c/b\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCVE\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version (\u003cb\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eAvailable Here\u003c/a\u003e\u003c/b\u003e)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"2\"\u003e\u003cp\u003e\u003cb\u003eThinManager\u00ae ThinServer\u2122\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e2024-5988\u003c/p\u003e\u003cp\u003e2024-5989\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003cp\u003e13.2.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.5\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.2.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e2024-5990\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.4\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cb\u003e\n\n\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u00b7Update to the corrected software versions via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eThinManager\u00ae Downloads Site\u003c/a\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u00b7Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u00b7 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/b\u003e\u003c/p\u003e\u003cb\u003e\n\n\u003c/b\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7Update to the corrected software versions via the  ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7  Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ThinManager\u00ae ThinServer\u2122 Improper Input Validation Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-5990",
    "datePublished": "2024-06-25T16:11:01.407Z",
    "dateReserved": "2024-06-13T20:56:10.603Z",
    "dateUpdated": "2025-08-27T20:42:59.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-202406-2134

CVE-2024-5990 (GCVE-0-2024-5990)

Tags

Sightings

Nomenclature