Rockwell Automation ThinManager® ThinServer™ Vulnerable to SQL Injection
CVE-2024-5989

9.8CRITICAL

Key Information:

Vendor: Rockwell Automation
Status: Thinmanager® Thinserver™
Vendor: CVE Published:; 25 June 2024

Summary

An improper input validation vulnerability allows unauthenticated attackers to send specially crafted messages to the Rockwell Automation ThinManager® ThinServer™. This vulnerability enables the execution of SQL injection attacks, potentially allowing the attacker to manipulate database queries and trigger remote code execution. The risk posed by this vulnerability emphasizes the need for robust input validation measures in the affected product to safeguard against unauthorized access and exploitation.

Affected Version(s)

ThinManager® ThinServer™ 11.0.0

ThinManager® ThinServer™ 11.2.0

ThinManager® ThinServer™ 12.0.0

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
Jun 13, 2024