cnvd - cnvd-2024-38544

cnvd-2024-38544

Vulnerability from cnvd

Title: Rockwell Automation ThinManager ThinServer输入验证错误漏洞（CNVD-2024-38544）

Description:

Rockwell Automation ThinManager是美国罗克韦尔（Rockwell Automation）公司的一款瘦客户端管理软件。允许将瘦客户端同时分配给多个远程桌面服务器。

Rockwell Automation ThinManager ThinServer存在输入验证错误漏洞，攻击者可利用该漏洞发送恶意消息来调用本地或远程可执行文件，并在受影响的设备上导致远程代码执行条件。

Severity: 高

Patch Name: Rockwell Automation ThinManager ThinServer输入验证错误漏洞（CNVD-2024-38544）的补丁

Patch Description:

Rockwell Automation ThinManager是美国罗克韦尔（Rockwell Automation）公司的一款瘦客户端管理软件。允许将瘦客户端同时分配给多个远程桌面服务器。

Rockwell Automation ThinManager ThinServer存在输入验证错误漏洞，攻击者可利用该漏洞发送恶意消息来调用本地或远程可执行文件，并在受影响的设备上导致远程代码执行条件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html

Reference: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html

Impacted products

Name
['Rockwell Automation ThinManager ThinServer 11.1.0', 'Rockwell Automation ThinManager ThinServer 11.2.0', 'Rockwell Automation ThinManager ThinServer 12.0.0', 'Rockwell Automation ThinManager ThinServer 12.1.0', 'Rockwell Automation ThinManager ThinServer 13.0.0', 'Rockwell Automation ThinManager ThinServer 13.1.0', 'Rockwell Automation ThinManager ThinServer 13.2.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-5988",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-5988"
    }
  },
  "description": "Rockwell Automation ThinManager\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7626\u5ba2\u6237\u7aef\u7ba1\u7406\u8f6f\u4ef6\u3002\u5141\u8bb8\u5c06\u7626\u5ba2\u6237\u7aef\u540c\u65f6\u5206\u914d\u7ed9\u591a\u4e2a\u8fdc\u7a0b\u684c\u9762\u670d\u52a1\u5668\u3002\n\nRockwell Automation ThinManager ThinServer\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53d1\u9001\u6076\u610f\u6d88\u606f\u6765\u8c03\u7528\u672c\u5730\u6216\u8fdc\u7a0b\u53ef\u6267\u884c\u6587\u4ef6\uff0c\u5e76\u5728\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u4e0a\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6761\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-38544",
  "openTime": "2024-09-19",
  "patchDescription": "Rockwell Automation ThinManager\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7626\u5ba2\u6237\u7aef\u7ba1\u7406\u8f6f\u4ef6\u3002\u5141\u8bb8\u5c06\u7626\u5ba2\u6237\u7aef\u540c\u65f6\u5206\u914d\u7ed9\u591a\u4e2a\u8fdc\u7a0b\u684c\u9762\u670d\u52a1\u5668\u3002\r\n\r\nRockwell Automation ThinManager ThinServer\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53d1\u9001\u6076\u610f\u6d88\u606f\u6765\u8c03\u7528\u672c\u5730\u6216\u8fdc\u7a0b\u53ef\u6267\u884c\u6587\u4ef6\uff0c\u5e76\u5728\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u4e0a\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6761\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rockwell Automation ThinManager ThinServer\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2024-38544\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Rockwell Automation ThinManager ThinServer 11.1.0",
      "Rockwell Automation ThinManager ThinServer 11.2.0",
      "Rockwell Automation ThinManager ThinServer 12.0.0",
      "Rockwell Automation ThinManager ThinServer 12.1.0",
      "Rockwell Automation ThinManager ThinServer 13.0.0",
      "Rockwell Automation ThinManager ThinServer 13.1.0",
      "Rockwell Automation ThinManager ThinServer 13.2.0"
    ]
  },
  "referenceLink": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html",
  "serverity": "\u9ad8",
  "submitTime": "2024-06-28",
  "title": "Rockwell Automation ThinManager ThinServer\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2024-38544\uff09"
}

CVE-2024-5988 (GCVE-0-2024-5988)

Vulnerability from cvelistv5

Published

2024-06-25 15:53

Modified

2025-08-27 20:42

Severity ?

9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-20 - Improper Input Validation

Summary

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.

References

▼	URL	Tags
	https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html

Impacted products

	Vendor	Product	Version
	Rockwell Automation	ThinManager® ThinServer™	Version: 11.1.0 Version: 11.2.0 Version: 12.0.0 Version: 12.1.0 Version: 13.0.0 Version: 13.1.0 Version: 13.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "11.1.8",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.2.9",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.7",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1.8",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.2.2",
                "status": "affected",
                "version": "13.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "11.1.8",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.2.9",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.7",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1.8",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.2.2",
                "status": "affected",
                "version": "13.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "11.1.8",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.2.9",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.7",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1.8",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.2.2",
                "status": "affected",
                "version": "13.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "11.1.8",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.2.9",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.7",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1.8",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.2.2",
                "status": "affected",
                "version": "13.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "11.1.8",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.2.9",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.7",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1.8",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.2.2",
                "status": "affected",
                "version": "13.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "11.1.8",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.2.9",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.7",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1.8",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.2.2",
                "status": "affected",
                "version": "13.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinmanager",
            "vendor": "rockwellautomation",
            "versions": [
              {
                "lessThan": "11.1.8",
                "status": "affected",
                "version": "11.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "11.2.9",
                "status": "affected",
                "version": "11.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.0.7",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "12.1.8",
                "status": "affected",
                "version": "12.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.0.4",
                "status": "affected",
                "version": "13.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.1.2",
                "status": "affected",
                "version": "13.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.2.2",
                "status": "affected",
                "version": "13.2.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5988",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T13:49:49.088552Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T20:42:59.382Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.324Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ThinManager\u00ae ThinServer\u2122",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "11.1.0"
            },
            {
              "status": "affected",
              "version": "11.2.0"
            },
            {
              "status": "affected",
              "version": "12.0.0"
            },
            {
              "status": "affected",
              "version": "12.1.0"
            },
            {
              "status": "affected",
              "version": "13.0.0"
            },
            {
              "status": "affected",
              "version": "13.1.0"
            },
            {
              "status": "affected",
              "version": "13.2.0"
            }
          ]
        }
      ],
      "datePublic": "2024-06-25T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThinManager\u00ae ThinServer\u2122.\u003c/span\u003e\u003c/span\u003e"
            }
          ],
          "value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-25T16:03:05.556Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eAffected Product\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCVE\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eFirst Known in software version\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in software version (\u003cb\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eAvailable Here\u003c/a\u003e\u003c/b\u003e)\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"2\"\u003e\u003cp\u003e\u003cb\u003eThinManager\u00ae ThinServer\u2122\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e2024-5988\u003c/p\u003e\u003cp\u003e2024-5989\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003cp\u003e13.2.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.5\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.2.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e2024-5990\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e11.1.0\u003c/p\u003e\u003cp\u003e11.2.0\u003c/p\u003e\u003cp\u003e12.0.0\u003c/p\u003e\u003cp\u003e12.1.0\u003c/p\u003e\u003cp\u003e13.0.0\u003c/p\u003e\u003cp\u003e13.1.0\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e11.2.9\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.0.7\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e12.1.8\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.0.4\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003e13.1.2\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003cp\u003eCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\u003c/p\u003e\u003cp\u003e\u00b7 Update to the corrected software versions via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\"\u003eThinManager\u00ae Downloads Site\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\u003c/p\u003e\u003cp\u003e\u00b7 Security\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003e\u0026nbsp;Best Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003e\u0026nbsp;\u003c/b\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7 Update to the corrected software versions via the  ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7 Security \u00a0Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Rockwell Automation ThinManager\u00ae ThinServer\u2122 Improper Input Validation Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-5988",
    "datePublished": "2024-06-25T15:53:33.899Z",
    "dateReserved": "2024-06-13T20:56:08.636Z",
    "dateUpdated": "2025-08-27T20:42:59.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted