Arbitrary Code Execution Vulnerability in ThinManager® ThinServer™ Due to Lack of Data Input Validation
CVE-2024-7988

Currently unrated

Key Information:

Vendor: Rockwell Automation
Status: Thinmanager® Thinserver™
Vendor: CVE Published:; 26 August 2024

Summary

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten.

Affected Version(s)

ThinManager® ThinServer™ 11.1.0-11.1.7 11.2.0-11.2.8 12.0.0-12.0.6 12.1.0-12.1.7 13.0.0-13.0.4 13.1.0-13.1.2 13.2.0-13.2.1

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

Timeline

Vulnerability published
Aug 26, 2024
Vulnerability Reserved
Aug 19, 2024