Lucene search
RockwellCVELIST:CVE-2024-5989HistoryJun 25, 2024 - 4:01 p.m.
CVE-2024-5989 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
2024-06-2516:01:39
CWE-20
Rockwell
www.cve.org
1
improper input validation
unauthenticated
sql injection
remote code execution
rockwell automation thinserver
9.3 High
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N
0.0004 Low
EPSS
Percentile
9.1%
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "ThinManager® ThinServer™",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "13.1.0"
},
{
"status": "affected",
"version": "13.2.0"
}
]
}
]Related
nvd
nvd
CVE-2024-5989
2024-06-25 16:15:25
vulnrichment
vulnrichment
cve
cve
CVE-2024-5989
2024-06-25 16:15:25
nessus
nessus
Rockwell Automation ThinManager ThinServer SD1677 Multiple Vulnerabilites
2024-06-25 00:00:00
9.3 High
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N
0.0004 Low
EPSS
Percentile
9.1%
Related for CVELIST:CVE-2024-5989