Rockwell Automation ThinManager® ThinServer™ Vulnerable to SQL Injection
CVE-2024-5989

9.3CRITICAL

Key Information:

Vendor: Rockwell Automation
Status: Thinmanager® Thinserver™
Vendor: CVE Published:; 25 June 2024

🔔 Create Rockwell Automation Vulnerability Alert

What is CVE-2024-5989?

An improper input validation vulnerability allows unauthenticated attackers to send specially crafted messages to the Rockwell Automation ThinManager® ThinServer™. This vulnerability enables the execution of SQL injection attacks, potentially allowing the attacker to manipulate database queries and trigger remote code execution. The risk posed by this vulnerability emphasizes the need for robust input validation measures in the affected product to safeguard against unauthorized access and exploitation.

Affected Version(s)

ThinManager® ThinServer™ 11.0.0

ThinManager® ThinServer™ 11.2.0

ThinManager® ThinServer™ 12.0.0

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
Jun 13, 2024