Vulnerabilites related to rockwellautomation - thinserver
Vulnerability from fkie_nvd
Published
2024-06-25 16:15
Modified
2024-11-21 09:48
Severity ?
Summary
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC59B57-F8F5-4979-826B-EAA0A8456B2A",
"versionEndExcluding": "11.1.8",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79481998-C98B-4486-A2DC-C4DE324DCA10",
"versionEndExcluding": "11.2.9",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD553E2-EB04-4D97-AD70-2175933E3DCD",
"versionEndExcluding": "12.0.7",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC5BBCD2-0C47-4B48-81DD-D56D5677BFA0",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EEDB253-45FB-4722-994A-E0EF00C7F405",
"versionEndExcluding": "13.0.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2FB9C58-1AAF-46CB-BBB5-909223EE5572",
"versionEndExcluding": "13.1.3",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3AA59A-9CA4-4CD0-981C-B974A94BAC30",
"versionEndExcluding": "13.2.2",
"versionStartIncluding": "13.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33A7D7B2-945B-48AD-AD65-C1DDD52811DC",
"versionEndExcluding": "11.1.8",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "808EDF9D-E721-4513-8AC9-A7B86163F0AE",
"versionEndExcluding": "11.2.9",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D00E4B0-2B55-460B-B394-BE0E379144FA",
"versionEndExcluding": "12.0.7",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2E6604-AED5-4099-B2EB-E33F15095C6A",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7229242B-0780-4E55-9088-7FCA82C24FE0",
"versionEndExcluding": "13.0.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA376CA1-C47D-45C2-B906-8CCCDF5B83D5",
"versionEndExcluding": "13.1.3",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12658E67-3F63-451F-95AC-3191F2043014",
"versionEndExcluding": "13.2.2",
"versionStartIncluding": "13.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122."
},
{
"lang": "es",
"value": "Debido a una validaci\u00f3n de entrada incorrecta, un actor de amenazas no autenticado puede enviar un mensaje malicioso para invocar una inyecci\u00f3n SQL en el programa y provocar una condici\u00f3n de ejecuci\u00f3n remota de c\u00f3digo en el ThinManager\u00ae ThinServer\u2122 de Rockwell Automation."
}
],
"id": "CVE-2024-5989",
"lastModified": "2024-11-21T09:48:42.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
}
]
},
"published": "2024-06-25T16:15:25.363",
"references": [
{
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-25 16:15
Modified
2024-11-21 09:48
Severity ?
Summary
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC59B57-F8F5-4979-826B-EAA0A8456B2A",
"versionEndExcluding": "11.1.8",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79481998-C98B-4486-A2DC-C4DE324DCA10",
"versionEndExcluding": "11.2.9",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD553E2-EB04-4D97-AD70-2175933E3DCD",
"versionEndExcluding": "12.0.7",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC5BBCD2-0C47-4B48-81DD-D56D5677BFA0",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EEDB253-45FB-4722-994A-E0EF00C7F405",
"versionEndExcluding": "13.0.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2FB9C58-1AAF-46CB-BBB5-909223EE5572",
"versionEndExcluding": "13.1.3",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3AA59A-9CA4-4CD0-981C-B974A94BAC30",
"versionEndExcluding": "13.2.2",
"versionStartIncluding": "13.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33A7D7B2-945B-48AD-AD65-C1DDD52811DC",
"versionEndExcluding": "11.1.8",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "808EDF9D-E721-4513-8AC9-A7B86163F0AE",
"versionEndExcluding": "11.2.9",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D00E4B0-2B55-460B-B394-BE0E379144FA",
"versionEndExcluding": "12.0.7",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2E6604-AED5-4099-B2EB-E33F15095C6A",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7229242B-0780-4E55-9088-7FCA82C24FE0",
"versionEndExcluding": "13.0.5",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA376CA1-C47D-45C2-B906-8CCCDF5B83D5",
"versionEndExcluding": "13.1.3",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12658E67-3F63-451F-95AC-3191F2043014",
"versionEndExcluding": "13.2.2",
"versionStartIncluding": "13.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122."
},
{
"lang": "es",
"value": "Debido a una validaci\u00f3n de entrada incorrecta, un actor de amenazas no autenticado puede enviar un mensaje malicioso para invocar un ejecutable local o remoto y provocar una condici\u00f3n de ejecuci\u00f3n remota de c\u00f3digo en el ThinManager\u00ae ThinServer\u2122 de Rockwell Automation."
}
],
"id": "CVE-2024-5988",
"lastModified": "2024-11-21T09:48:42.173",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
}
]
},
"published": "2024-06-25T16:15:24.937",
"references": [
{
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-25 16:15
Modified
2024-11-21 09:48
Severity ?
Summary
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC59B57-F8F5-4979-826B-EAA0A8456B2A",
"versionEndExcluding": "11.1.8",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79481998-C98B-4486-A2DC-C4DE324DCA10",
"versionEndExcluding": "11.2.9",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD553E2-EB04-4D97-AD70-2175933E3DCD",
"versionEndExcluding": "12.0.7",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC5BBCD2-0C47-4B48-81DD-D56D5677BFA0",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74B76C09-5C22-4D58-85AC-D9D643F3AB73",
"versionEndExcluding": "13.0.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2789DF38-D501-415B-8D62-D3B7324B977E",
"versionEndExcluding": "13.1.2",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33A7D7B2-945B-48AD-AD65-C1DDD52811DC",
"versionEndExcluding": "11.1.8",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "808EDF9D-E721-4513-8AC9-A7B86163F0AE",
"versionEndExcluding": "11.2.9",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D00E4B0-2B55-460B-B394-BE0E379144FA",
"versionEndExcluding": "12.0.7",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2E6604-AED5-4099-B2EB-E33F15095C6A",
"versionEndExcluding": "12.1.8",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F115CDD-5656-4133-8976-69C9DE85CED3",
"versionEndExcluding": "13.0.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AED71D3B-5B11-48D7-9886-BA221CAB0F14",
"versionEndExcluding": "13.1.2",
"versionStartIncluding": "13.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device."
},
{
"lang": "es",
"value": "Debido a una validaci\u00f3n de entrada incorrecta, un actor de amenazas no autenticado puede enviar un mensaje malicioso a un hilo de monitor dentro de Rockwell Automation ThinServer\u2122 y provocar una condici\u00f3n de denegaci\u00f3n de servicio en el dispositivo afectado."
}
],
"id": "CVE-2024-5990",
"lastModified": "2024-11-21T09:48:42.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
}
]
},
"published": "2024-06-25T16:15:25.470",
"references": [
{
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202406-2134
Vulnerability from variot
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202406-2134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.2"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.8"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.8"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.4"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.7"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.2"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.8"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.9"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.4"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.8"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.7"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.9"
},
{
"model": "thinmanager",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinserver",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.2.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.0.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.0.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"cve": "CVE-2024-5990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-38545",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-5990",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-5990",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-5990",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-5990",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-5990",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-38545",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-5990"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "CNVD",
"id": "CNVD-2024-38545"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-5990",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU99141957",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-193-18",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38545",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"id": "VAR-202406-2134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
}
]
},
"last_update_date": "2024-09-28T23:00:00.755000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation ThinManager ThinServer Input Validation Error Vulnerability (CNVD-2024-38545)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/593041"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1677.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99141957/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-5990"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-18"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"date": "2024-09-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"date": "2024-06-25T16:15:25.470000",
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38545"
},
{
"date": "2024-09-17T04:36:00",
"db": "JVNDB",
"id": "JVNDB-2024-008066"
},
{
"date": "2024-09-16T11:58:38.363000",
"db": "NVD",
"id": "CVE-2024-5990"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 and \u00a0thinserver\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008066"
}
],
"trust": 0.8
}
}
var-202406-0976
Vulnerability from variot
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202406-0976",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.3"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.8"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.8"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.5"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.7"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.8"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.2"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.9"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.3"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.8"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.7"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.5"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.2"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.9"
},
{
"model": "thinmanager",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinserver",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.2.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.0.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.0.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"cve": "CVE-2024-5988",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-38544",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-5988",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-5988",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-5988",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-5988",
"trust": 1.0,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2024-5988",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2024-38544",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-5988"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "CNVD",
"id": "CNVD-2024-38544"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-5988",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU99141957",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-193-18",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38544",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"id": "VAR-202406-0976",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
}
]
},
"last_update_date": "2024-09-28T23:00:00.778000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation ThinManager ThinServer Input Validation Error Vulnerability (CNVD-2024-38544)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/593046"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1677.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99141957/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-5988"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-18"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"date": "2024-09-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"date": "2024-06-25T16:15:24.937000",
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38544"
},
{
"date": "2024-09-17T05:13:00",
"db": "JVNDB",
"id": "JVNDB-2024-008106"
},
{
"date": "2024-09-16T12:07:20.767000",
"db": "NVD",
"id": "CVE-2024-5988"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 and \u00a0thinserver\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008106"
}
],
"trust": 0.8
}
}
var-202406-2530
Vulnerability from variot
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202406-2530",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.3"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.8"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.8"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.5"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.7"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.8"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.2"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.9"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.3"
},
{
"model": "thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.8"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.7"
},
{
"model": "thinmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.5"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.0"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.2.2"
},
{
"model": "thinserver",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.9"
},
{
"model": "thinmanager",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinserver",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "11.2.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.0.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "12.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.0.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.1.0"
},
{
"model": "automation thinmanager thinserver",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "13.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"cve": "CVE-2024-5989",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-38543",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-5989",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-5989",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-5989",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-5989",
"trust": 1.0,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2024-5989",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2024-38543",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122. Rockwell Automation of thinmanager and thinserver Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-5989"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "CNVD",
"id": "CNVD-2024-38543"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-5989",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38543",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"id": "VAR-202406-2530",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
}
]
},
"last_update_date": "2024-09-28T23:19:21.041000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation ThinManager ThinServer Input Validation Error Vulnerability (CNVD-2024-38543)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/593051"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1677.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-5989"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"date": "2024-09-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"date": "2024-06-25T16:15:25.363000",
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38543"
},
{
"date": "2024-09-17T02:05:00",
"db": "JVNDB",
"id": "JVNDB-2024-008053"
},
{
"date": "2024-09-16T12:08:03.447000",
"db": "NVD",
"id": "CVE-2024-5989"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0thinmanager\u00a0 and \u00a0thinserver\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008053"
}
],
"trust": 0.8
}
}
CVE-2024-5989 (GCVE-0-2024-5989)
Vulnerability from cvelistv5
Published
2024-06-25 16:01
Modified
2025-08-27 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager® ThinServer™ |
Version: 11.0.0 Version: 11.2.0 Version: 12.0.0 Version: 12.1.0 Version: 13.0.0 Version: 13.1.0 Version: 13.2.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T17:42:47.931940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:59.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager\u00ae ThinServer\u2122",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "13.1.0"
},
{
"status": "affected",
"version": "13.2.0"
}
]
}
],
"datePublic": "2024-06-25T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation\u0026nbsp;ThinManager\u00ae ThinServer\u2122.\u003c/span\u003e"
}
],
"value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T16:01:39.103Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCVE\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version (\u003cb\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eAvailable Here\u003c/a\u003e\u003c/b\u003e)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"2\"\u003e\u003cp\u003e\u003cb\u003eThinManager\u00ae ThinServer\u2122\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e2024-5988\u003c/p\u003e\u003cp\u003e2024-5989\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003cp\u003e13.2.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.5\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.2.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e2024-5990\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.4\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003cp\u003eCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\u003c/p\u003e\u003cp\u003e\u00b7 Update to the corrected software versions via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eThinManager\u00ae Downloads Site\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\u003c/p\u003e\u003cp\u003e\u00b7 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7 Update to the corrected software versions via the ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ThinManager\u00ae ThinServer\u2122 Improper Input Validation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-5989",
"datePublished": "2024-06-25T16:01:39.103Z",
"dateReserved": "2024-06-13T20:56:09.876Z",
"dateUpdated": "2025-08-27T20:42:59.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5988 (GCVE-0-2024-5988)
Vulnerability from cvelistv5
Published
2024-06-25 15:53
Modified
2025-08-27 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager® ThinServer™ |
Version: 11.1.0 Version: 11.2.0 Version: 12.0.0 Version: 12.1.0 Version: 13.0.0 Version: 13.1.0 Version: 13.2.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
},
{
"lessThan": "13.2.2",
"status": "affected",
"version": "13.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:49:49.088552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:59.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager\u00ae ThinServer\u2122",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "13.1.0"
},
{
"status": "affected",
"version": "13.2.0"
}
]
}
],
"datePublic": "2024-06-25T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThinManager\u00ae ThinServer\u2122.\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T16:03:05.556Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCVE\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version (\u003cb\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eAvailable Here\u003c/a\u003e\u003c/b\u003e)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"2\"\u003e\u003cp\u003e\u003cb\u003eThinManager\u00ae ThinServer\u2122\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e2024-5988\u003c/p\u003e\u003cp\u003e2024-5989\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003cp\u003e13.2.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.5\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.2.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e2024-5990\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.4\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003cp\u003eCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\u003c/p\u003e\u003cp\u003e\u00b7 Update to the corrected software versions via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eThinManager\u00ae Downloads Site\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\u003c/p\u003e\u003cp\u003e\u00b7 Security\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003e\u0026nbsp;Best Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u0026nbsp;\u003c/b\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7 Update to the corrected software versions via the ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7 Security \u00a0Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ThinManager\u00ae ThinServer\u2122 Improper Input Validation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-5988",
"datePublished": "2024-06-25T15:53:33.899Z",
"dateReserved": "2024-06-13T20:56:08.636Z",
"dateUpdated": "2025-08-27T20:42:59.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5990 (GCVE-0-2024-5990)
Vulnerability from cvelistv5
Published
2024-06-25 16:11
Modified
2025-08-27 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager® ThinServer™ |
Version: 11.1.0 Version: 11.2.0 Version: 12.0.0 Version: 12.1.0 Version: 13.0.0 Version: 13.1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "11.1.8",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThan": "11.2.9",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThan": "12.0.7",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThan": "12.1.8",
"status": "affected",
"version": "12.1.0",
"versionType": "custom"
},
{
"lessThan": "13.0.4",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
},
{
"lessThan": "13.1.2",
"status": "affected",
"version": "13.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:48:23.344377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:59.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager\u00ae ThinServer\u2122",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.1.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"datePublic": "2024-06-25T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device. \u003c/span\u003e\n\n"
}
],
"value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T16:11:01.407Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n \u003cb\u003e\u003c/b\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCVE\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version (\u003cb\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eAvailable Here\u003c/a\u003e\u003c/b\u003e)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"2\"\u003e\u003cp\u003e\u003cb\u003eThinManager\u00ae ThinServer\u2122\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e2024-5988\u003c/p\u003e\u003cp\u003e2024-5989\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003cp\u003e13.2.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.5\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.2.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e2024-5990\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.4\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cb\u003e\n\n\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u00b7Update to the corrected software versions via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eThinManager\u00ae Downloads Site\u003c/a\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u00b7Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u00b7 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/b\u003e\u003c/p\u003e\u003cb\u003e\n\n\u003c/b\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7Update to the corrected software versions via the ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ThinManager\u00ae ThinServer\u2122 Improper Input Validation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-5990",
"datePublished": "2024-06-25T16:11:01.407Z",
"dateReserved": "2024-06-13T20:56:10.603Z",
"dateUpdated": "2025-08-27T20:42:59.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}