Rockwellautomation: >> Thinmanager >> 13.1.2 Security Vulnerabilities
CVE-2024-10387 IMPACT
A Denial-of-Service
vulnerability exists in the affected product. The vulnerability could allow a
threat actor with network access to send crafted messages to the device,
potentially resulting in Denial-of-Service.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-10-25
CVE-2024-10386 IMPACT
An authentication
vulnerability exists in the affected product. The vulnerability could allow a
threat actor with network access to send crafted messages to the device, potentially
resulting in database manipulation.
CVSS Score
9.8
EPSS Score
0.0
Published
2024-10-25
CVE-2024-45826 IMPACT
Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-09-12
A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-08-23
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
CVSS Score
9.8
EPSS Score
0.009
Published
2024-06-25
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
CVSS Score
9.8
EPSS Score
0.012
Published
2024-06-25