Remote Code Execution Vulnerability in Rockwell Automation ThinManager® ThinServer™
CVE-2024-7987

Currently unrated

Key Information:

Vendor: Rockwell Automation
Status: Thinmanager® Thinserver™
Vendor: CVE Published:; 26 August 2024

Summary

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to upload arbitrary files.

Affected Version(s)

ThinManager® ThinServer™ 11.1.0-11.1.7 11.2.0-11.2.8 12.0.0-12.0.6 12.1.0-12.1.7 13.0.0-13.0.4 13.1.0-13.1.2 13.2.0-13.2.1

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

Timeline

Vulnerability published
Aug 26, 2024
Vulnerability Reserved
Aug 19, 2024