History: Jun 25, 2024 - 4:15 p.m.

CVE-2024-5989

2024-06-25 16:15:25
CWE-20
web.nvd.nist.gov
improper input validation
sql injection
remote code execution
rockwell automation
thinmanager thinserver

CVSS4: 9.3 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score: 9.1 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.1%)

Due to improper input validation, an unauthenticated threat actor can send a malicious message that triggers SQL injection in the program and causes a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ThinManager® ThinServer™",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "11.0.0"
      },
      {
        "status": "affected",
        "version": "11.2.0"
      },
      {
        "status": "affected",
        "version": "12.0.0"
      },
      {
        "status": "affected",
        "version": "12.1.0"
      },
      {
        "status": "affected",
        "version": "13.0.0"
      },
      {
        "status": "affected",
        "version": "13.1.0"
      },
      {
        "status": "affected",
        "version": "13.2.0"
      }
    ]
  }
]
