Vulnerability Details CVE-2024-7987
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™
that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to upload arbitrary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.4%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2024-7987
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:11.1.0
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:11.1.7
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:11.2.0
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:11.2.8
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:12.0.0
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:12.0.6
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:12.1.0
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:12.1.7
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:13.0.0
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:13.0.4
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:13.1.0
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:13.1.2
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:13.2.0
-
cpe:2.3:a:rockwellautomation:thinmanager_thinserver:13.2.1