Rockwell Automation’s ThinManager ThinServer has been identified with critical vulnerabilities that pose significant risks. The flaws, disclosed on July 11, 2024, affect several versions of ThinManager ThinServer and are rated with a CVSS v4 score of 9.3, indicating high severity. These vulnerabilities stem from improper input validation, which could allow unauthenticated attackers to execute arbitrary code or cause denial-of-service conditions. The affected versions include ThinManager ThinServer versions 11.1.0 through 13.2.0.
The primary vulnerabilities involve improper input validation that can lead to remote code execution and denial-of-service attacks. CVE-2024-5988 and CVE-2024-5989, with CVSS v4 scores of 9.3, enable attackers to send malicious messages that could trigger local or remote execution of arbitrary code. Additionally, CVE-2024-5990 allows for denial-of-service conditions due to similar validation issues. These vulnerabilities are critical for industries relying on ThinManager ThinServer for managing and controlling their operations.
Rockwell Automation has addressed these vulnerabilities in updated software versions, including ThinManager ThinServer versions 11.1.8, 11.2.9, 12.0.7, 12.1.8, 13.0.5, 13.1.3, and 13.2.2. Users are strongly advised to upgrade to these versions to mitigate the risk. Rockwell also recommends restricting remote access and applying security best practices to enhance protection against potential exploits. The updates and security guidelines can be accessed through the ThinManager download site and Rockwell Automation’s security resources.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance for mitigating these vulnerabilities, emphasizing minimizing network exposure and employing secure remote access methods, such as Virtual Private Networks (VPNs). CISA advises organizations to conduct thorough impact assessments and follow recommended cybersecurity strategies to safeguard their systems. While no public exploitation of these vulnerabilities has been reported, organizations are encouraged to report any suspicious activity to CISA for further investigation.