Advisory

Rockwell Automation warns of flaws in ThinManager ThinServer, two critical

Take action: If you are using Rockwell Automation ThinManager ThinServer, make sure it can only be accessed from trusted networks. Then plan to patch the system in a controlled process.


Learn More

Rockwell Automation has disclosed multiple critical vulnerabilities in its ThinManager ThinServer software, widely used in critical manufacturing and industrial environments for managing and controlling thin client devices. These vulnerabilities, affecting various versions of ThinManager ThinServer, pose significant security risks, including the ability for attackers to read arbitrary files and execute code with system privileges.

Summary of the Vulnerabilities:

  • CVE-2024-7986 (CVSS score 7.5) - This vulnerability allows attackers to disclose sensitive information by abusing the ThinServer service, enabling them to read arbitrary files by creating a junction pointing to the target directory.

  • CVE-2024-7987 (CVSS score 9.8) - This vulnerability can lead to remote code execution with system privileges by exploiting improper permission assignments. Attackers can upload and execute arbitrary files through the ThinServer service.

  • CVE-2024-7988 (CVSS score 9.8) - A critical remote code execution vulnerability due to insufficient input validation, allowing attackers to overwrite files and execute code with system privileges.

The vulnerabilities affect the following versions of ThinManager ThinServer:

  • Versions 11.1.0 to 11.1.7
  • Versions 11.2.0 to 11.2.8
  • Versions 12.0.0 to 12.0.6
  • Versions 12.1.0 to 12.1.7
  • Versions 13.0.0 to 13.0.4
  • Versions 13.1.0 to 13.1.2
  • Versions 13.2.0 to 13.2.1

Rockwell Automation has released updated versions of ThinManager ThinServer to address these vulnerabilities. Users are urged to upgrade to the following versions or newer:

  • Version 11.1.8
  • Version 11.2.9
  • Version 12.0.7
  • Version 12.1.8
  • Version 13.0.5
  • Version 13.1.3
  • Version 13.2.2
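To turn the affected and fixed version lists above into something an asset owner can run against an inventory, here is a small version-range checker. It is an added example, not Rockwell Automation tooling; the ranges and fixed versions are taken from this advisory, the inventory lines are constructed, and how the installed version string is obtained (installer properties, an inventory export) is left to the caller. A version on a branch the advisory does not list (for example a 14.x release) is reported as "unlisted" rather than as safe, because the page says nothing about it.

```python
"""Check ThinManager ThinServer versions against the affected ranges in the
Rockwell Automation advisory (CVE-2024-7986, CVE-2024-7987, CVE-2024-7988).

Added example, not Rockwell's code. Ranges and fixed versions come from the
advisory text; the inventory below is constructed sample data."""

from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected, first fixed) for each branch in the advisory.
AFFECTED_RANGES = [
    ((11, 1, 0), (11, 1, 7), (11, 1, 8)),
    ((11, 2, 0), (11, 2, 8), (11, 2, 9)),
    ((12, 0, 0), (12, 0, 6), (12, 0, 7)),
    ((12, 1, 0), (12, 1, 7), (12, 1, 8)),
    ((13, 0, 0), (13, 0, 4), (13, 0, 5)),
    ((13, 1, 0), (13, 1, 2), (13, 1, 3)),
    ((13, 2, 0), (13, 2, 1), (13, 2, 2)),
]


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch'; a trailing build component (e.g. 11.2.9.105) is ignored."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def assess(installed: str) -> dict:
    """Classify one installed version.

    status is 'affected' (upgrade_to gives the first fixed release of that branch),
    'fixed' (at or above the fixed release of a listed branch), or 'unlisted'
    (branch not covered by the advisory; needs a separate check, not assumed safe)."""
    v = parse_version(installed)
    for first, last, fixed in AFFECTED_RANGES:
        if v[:2] != first[:2]:          # different major.minor branch
            continue
        if first <= v <= last:
            return {"version": installed, "status": "affected",
                    "upgrade_to": ".".join(map(str, fixed))}
        if v >= fixed:
            return {"version": installed, "status": "fixed", "upgrade_to": None}
    return {"version": installed, "status": "unlisted", "upgrade_to": None}


def triage(inventory: List[Tuple[str, str]]) -> List[dict]:
    """Run assess() over (hostname, version) pairs and return only hosts needing attention."""
    findings = []
    for host, version in inventory:
        result = assess(version)
        if result["status"] != "fixed":
            findings.append({"host": host, **result})
    return findings


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("thinsrv-line1", "12.1.5"),
    ("thinsrv-line2", "13.2.2"),
    ("thinsrv-line3", "11.2.9.105"),
    ("thinsrv-lab",   "14.0.0"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding)
```

Run it against a real export by replacing `SAMPLE_INVENTORY` with (hostname, version) pairs from your inventory system; hosts reported as "affected" should be scheduled for the listed upgrade after network exposure has been restricted, as the advisory's "Take action" line recommends.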

Ensure control systems are not exposed to the internet and are placed behind secure firewalls. Where remote access is required, use VPNs, keep them up to date, and recognize that a VPN is only as secure as the devices connected to it.