Rockwell Automation patches critical flaws in ThinManager ThinServer
Take action: If you are using Rockwell Automation ThinManager ThinServer, first make sure that its TCP port 2031 can only be reached from known thin clients and ThinManager servers. Then plan to patch the system in a controlled process.
Learn More
Rockwell Automation has identified and addressed multiple critical vulnerabilities in their ThinManager ThinServer software.
Rockwell Automation's ThinManager ThinServer is a centralized management platform designed to streamline the control and security of thin client terminals within industrial environments. It facilitates centralized visualization and content delivery, allowing for control and productivity across various devices and locations in a factory or office setting.
Vulnerability Details
- CVE-2024-5988 (CVSS score 9.8) - Improper Input Validation - An unauthenticated attacker can send a malicious message to invoke a local or remote executable, leading to remote code execution on the affected device.
- CVE-2024-5989 (CVSS score 9.8) - Improper Input Validation - An unauthenticated attacker can send a malicious message to invoke SQL injection into the program, causing remote code execution.
- CVE-2024-5990 (CVSS score 8.7) - Improper Input Validation - An unauthenticated attacker can send a malicious message to a monitor thread within ThinServer, resulting in a denial-of-service condition.
These vulnerabilities impact the following ThinManager ThinServer versions:
- 11.1.0, 11.2.0, 12.0.0, 12.1.0, 13.0.0, 13.1.0, 13.2.0 (CVE-2024-5988, CVE-2024-5989)
- 11.1.0, 11.2.0, 12.0.0, 12.1.0, 13.0.0, 13.1.0 (CVE-2024-5990)
Rockwell Automation has released updates to address these vulnerabilities in the following versions:
- 11.1.8, 11.2.9, 12.0.7, 12.1.8, 13.0.5, 13.1.3, 13.2.2
Users are advised to update to the latest versions from the ThinManager Downloads Site, and to restrict remote access to TCP port 2031 to known thin clients and ThinManager servers.
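The port restriction recommended above, as an added PowerShell example that is not part of the Rockwell advisory: it audits which Windows Defender Firewall rules currently open TCP 2031 on the ThinServer host, disables allow rules with no remote-address restriction, and installs one allow rule scoped to known peers. The peer addresses and rule name are placeholders you must replace with your own.

```powershell
# Added example (not from the Rockwell advisory): audit and scope inbound access to
# ThinServer's TCP port 2031 on the Windows host running ThinManager.
# Placeholder values: replace with your real thin clients and ThinManager servers.
$KnownPeers = @('192.0.2.10', '192.0.2.11', '192.0.2.0/24')
$Port       = 2031
$RuleName   = 'ThinManager ThinServer - TCP 2031 (known peers only)'

# 1. Find every enabled inbound rule that opens TCP 2031, whatever it is named,
#    so you can see what currently exposes the port.
$existing = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq $Port } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }

foreach ($rule in $existing) {
    $addr = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    Write-Host ("Existing rule '{0}' action={1} remote={2}" -f
        $rule.DisplayName, $rule.Action, ($addr -join ','))
}

# 2. Disable allow rules for the port that accept any remote address
#    ('Any' means no remote-address restriction at all).
$existing |
    Where-Object { $_.Action -eq 'Allow' -and $_.DisplayName -ne $RuleName } |
    ForEach-Object {
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        if ($addr -contains 'Any') {
            Write-Host ("Disabling unrestricted rule '{0}'" -f $_.DisplayName)
            Disable-NetFirewallRule -Name $_.Name
        }
    }

# 3. Create (or refresh) a single allow rule scoped to the known peers.
if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) {
    Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $KnownPeers
} else {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -RemoteAddress $KnownPeers -Action Allow -Profile Any
}

# 4. The scoped allow rule only restricts access if the profile's default inbound
#    action is Block; confirm that for every profile.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
```

Run it in an elevated PowerShell session on the ThinServer host and re-run step 1 after patching, since an upgrade may reinstall a broader rule.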