CVE-2024-5989

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.

CVE-2024-10386

CVE-2024-10386 IMPACT An authenticationvulnerability exists in the affected product. The vulnerability could allow athreat actor with network access to send crafted messages to the device, potentiallyresulting in database manipulation.

CVE-2024-5988

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.

CVE-2024-45826

CVE-2024-45826 IMPACTDue to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.

CVE-2024-5990

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.

CVE-2024-10387

CVE-2024-10387 IMPACT A Denial-of-Servicevulnerability exists in the affected product. The vulnerability could allow athreat actor with network access to send crafted messages to the device,potentially resulting in Denial-of-Service.

CVE-2024-7986

A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory...