CVE-2024-5988
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/06/2024
Last modified:
16/09/2024
Description
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | 11.1.0 (including) | 11.1.8 (excluding) |
| cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | 11.2.0 (including) | 11.2.9 (excluding) |
| cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | 12.0.0 (including) | 12.0.7 (excluding) |
| cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | 12.1.0 (including) | 12.1.8 (excluding) |
| cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | 13.0.0 (including) | 13.0.5 (excluding) |
| cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.3 (excluding) |
| cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | 13.2.0 (including) | 13.2.2 (excluding) |
| cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:* | 11.1.0 (including) | 11.1.8 (excluding) |
| cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:* | 11.2.0 (including) | 11.2.9 (excluding) |
| cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:* | 12.0.0 (including) | 12.0.7 (excluding) |
| cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:* | 12.1.0 (including) | 12.1.8 (excluding) |
| cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:* | 13.0.0 (including) | 13.0.5 (excluding) |
| cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:* | 13.1.0 (including) | 13.1.3 (excluding) |
| cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:* | 13.2.0 (including) | 13.2.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page