ThinManager® ThinServer Vulnerability Allows Sensitive Information Disclosure
CVE-2024-7986

Currently unrated

Key Information:

Vendor: Rockwell Automation
Status: Thinmanager® Thinserver™
Vendor: CVE Published:; 23 August 2024

Summary

A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.

Affected Version(s)

ThinManager® ThinServer™ 11.1.0-11.1.7 11.2.0-11.2.8 12.0.0-12.0.6 12.1.0-12.1.7 13.0.0-13.0.4 13.1.0-13.1.2 13.2.0-13.2.1

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
Aug 19, 2024