VAR-202409-1723
Vulnerability from variot - Updated: 2024-12-21 23:01CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file. Rockwell Automation of thinmanager Exists in a vulnerability in externally controllable references to resources in another region.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, an American company. It allows thin clients to be assigned to multiple remote desktop servers at the same time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-1723",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.2"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.3"
},
{
"model": "thinmanager",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.2.0 that\u0027s all 13.2.2"
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.1.0 that\u0027s all 13.1.3"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.1.0,\u003c=13.1.2"
},
{
"model": "automation rockwell automation thinmanager",
"scope": "gte",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.2.0,\u003c=13.2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"cve": "CVE-2024-45826",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2024-46731",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-45826",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2024-45826",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-45826",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-45826",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-45826",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-45826",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-46731",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CVE-2024-45826 IMPACT\nDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager\u00ae processes a crafted POST request. If exploited, a user can install an executable file. Rockwell Automation of thinmanager Exists in a vulnerability in externally controllable references to resources in another region.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, an American company. It allows thin clients to be assigned to multiple remote desktop servers at the same time",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-45826"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "CNVD",
"id": "CNVD-2024-46731"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-45826",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-24-256-25",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94816770",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-46731",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"id": "VAR-202409-1723",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
}
]
},
"last_update_date": "2024-12-21T23:01:33.513000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation ThinManager Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/634571"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-610",
"trust": 1.0
},
{
"problemtype": "Externally controllable reference to another region resource (CWE-610) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Externally controllable reference to another region resource (CWE-610) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1700.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94816770/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-45826"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-25"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"date": "2024-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"date": "2024-09-12T15:18:24.287000",
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46731"
},
{
"date": "2024-10-03T01:43:00",
"db": "JVNDB",
"id": "JVNDB-2024-009635"
},
{
"date": "2024-10-02T14:35:38.017000",
"db": "NVD",
"id": "CVE-2024-45826"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 Vulnerability in externally controllable references to resources in another region of",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009635"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…