Vulnerability-Lookup

VAR-202408-2335

Vulnerability from variot - Updated: 2025-11-18 15:36

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to upload arbitrary files. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the ThinServer service which listens on TCP port 2031 by default. The issue results from the lack of proper access controls set on resources used by the service. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202408-2335",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.1.3"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.0.5"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.2"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.0.7"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "13.2.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.8"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "12.1.8"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.1.0"
      },
      {
        "model": "thinmanager thinserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "11.2.9"
      },
      {
        "model": "thinmanager",
        "scope": null,
        "trust": 0.7,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "1.1.0,\u003c=11.1.7"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "11.2.0,\u003c=11.2.8"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.0.0,\u003c=12.0.6"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "12.1.0,\u003c=12.1.7"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.0.0,\u003c=13.0.4"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.1.0,\u003c=13.1.2"
      },
      {
        "model": "automation thinmanager thinserver",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "13.2.0,\u003c=13.2.1"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nicholas Zubrisky (@NZubrisky) of Trend Micro Security Research",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2024-7987",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "CNVD-2024-46734",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2024-7987",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2024-7987",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2024-7987",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "PSIRT@rockwellautomation.com",
            "id": "CVE-2024-7987",
            "trust": 1.0,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2024-7987",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-46734",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A remote code execution vulnerability exists in the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122\nthat allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer\u2122 service by creating a junction and use it to upload arbitrary files. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the ThinServer service which listens on TCP port 2031 by default. The issue results from the lack of proper access controls set on resources used by the service. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-7987",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-24-1157",
        "trust": 1.3
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-24006",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "id": "VAR-202408-2335",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      }
    ]
  },
  "last_update_date": "2025-11-18T15:36:52.882000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Rockwell Automation has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.rockwellautomation.com/en-ca/trust-center/security-advisories/advisory.SD1692.html"
      },
      {
        "title": "Patch for Rockwell Automation ThinManager ThinServer Remote Code Execution Vulnerability (CNVD-2024-46734)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/634611"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-434",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1692.html"
      },
      {
        "trust": 0.7,
        "url": "https://www.rockwellautomation.com/en-ca/trust-center/security-advisories/advisory.sd1692.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-24-1157/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-08-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "date": "2024-08-26T15:15:09.047000",
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-08-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-24-1157"
      },
      {
        "date": "2024-12-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-46734"
      },
      {
        "date": "2025-10-21T18:58:40.313000",
        "db": "NVD",
        "id": "CVE-2024-7987"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell Automation ThinManager ThinServer Arbitrary File Creation Privilege Escalation Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-24-1157"
      }
    ],
    "trust": 0.7
  }
}

CVE-2024-7987 (GCVE-0-2024-7987)

Vulnerability from cvelistv5 – Published: 2024-08-26 14:40 – Updated: 2024-08-26 17:29

Title

Rockwell Automation ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities

Summary

Severity ?

8.5 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

ThinManager® ThinServer™ Remote Code Execution

Assigner

Rockwell

References

URL

Tags

https://www.rockwellautomation.com/en-us/trust-ce…

Impacted products

	Vendor	Product	Version
	Rockwell Automation	ThinManager® ThinServer™	Affected: 11.1.0-11.1.7 11.2.0-11.2.8 12.0.0-12.0.6 12.1.0-12.1.7 13.0.0-13.0.4 13.1.0-13.1.2 13.2.0-13.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager_thinserver:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager_thinserver",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThanOrEqual": "11.1.7",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "11.2.8",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "12.0.6",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "12.1.7",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "13.2.1",
                "status": "affected",
                "version": "13.2.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7987",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-26T17:20:29.756565Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-434",
                "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-26T17:29:09.449Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThinManager\u00ae ThinServer\u2122",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "11.1.0-11.1.7 11.2.0-11.2.8 12.0.0-12.0.6 12.1.0-12.1.7 13.0.0-13.0.4 13.1.0-13.1.2 13.2.0-13.2.1"
            }
          ]
        }
      ],
      "datePublic": "2024-08-26T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote code execution vulnerability exists in the Rockwell Automation\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThinManager\u00ae ThinServer\u2122\u003c/span\u003e\nthat allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer\u2122 service by creating a junction and use it to upload arbitrary files.\u0026nbsp;\u003c/span\u003e"
            }
          ],
          "value": "A remote code execution vulnerability exists in the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122\nthat allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer\u2122 service by creating a junction and use it to upload arbitrary files."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-576",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-576 Group Permission Footprinting"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "ThinManager\u00ae ThinServer\u2122 Remote Code Execution",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-26T14:40:29.255Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1692.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003effected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eThinManager\u00ae ThinServer\u2122\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0-11.1.7\u003cbr\u003e11.2.0-11.2.8\u003cbr\u003e12.0.0-12.0.6\u003cbr\u003e12.1.0-12.1.7\u003cbr\u003e13.0.0-13.0.4\u003cbr\u003e13.1.0-13.1.2\u003cbr\u003e13.2.0-13.2.1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.8\u003c/p\u003e\u003cp\u003e11.2.9\u003c/p\u003e\u003cp\u003e12.0.7\u003c/p\u003e\u003cp\u003e12.1.8\u003c/p\u003e\u003cp\u003e13.0.5\u003c/p\u003e\u003cp\u003e13.1.3\u003c/p\u003e\u003cp\u003e13.2.2\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003cp\u003e\u003cb\u003eMitigations and Workarounds\u003c/b\u003e\u003c/p\u003e\u003cp\u003eCustomers using the affected software are encouraged to implement our suggested security best practices to minimize the risk of vulnerability.\u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "ffected Product\n\nFirst Known in software version\n\nCorrected in software version\n\nThinManager\u00ae ThinServer\u2122\n\n11.1.0-11.1.7\n11.2.0-11.2.8\n12.0.0-12.0.6\n12.1.0-12.1.7\n13.0.0-13.0.4\n13.1.0-13.1.2\n13.2.0-13.2.1\n\n11.1.8\n\n11.2.9\n\n12.0.7\n\n12.1.8\n\n13.0.5\n\n13.1.3\n\n13.2.2\n\n\n\n\nMitigations and Workarounds\n\nCustomers using the affected software are encouraged to implement our suggested security best practices to minimize the risk of vulnerability.\n\n\u00b7 \u00a0 \u00a0 \u00a0  Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        }
      ],
      "source": {
        "advisory": "SD1692",
        "discovery": "EXTERNAL"
      },
      "title": "Rockwell Automation ThinManager\u00ae ThinServer\u2122 Information Disclosure and Remote Code Execution Vulnerabilities",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-7987",
    "datePublished": "2024-08-26T14:40:29.255Z",
    "dateReserved": "2024-08-19T20:06:26.723Z",
    "dateUpdated": "2024-08-26T17:29:09.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-202408-2335

CVE-2024-7987 (GCVE-0-2024-7987)

Tags

Sightings

Nomenclature