Critical Vulnerabilities Uncovered in Rockwell Automation’s ThinManager: Immediate Action Required

CVE-2024-5988 and CVE-2024-5989

Rockwell Automation, a global leader in industrial automation and digital transformation, has issued a security advisory urging users of its ThinManager software to update to the latest versions following the discovery of three critical vulnerabilities. These vulnerabilities, discovered and reported by security researchers at Tenable Network Security, tracked as CVE-2024-5988, CVE-2024-5989, and CVE-2024-5990, could potentially allow remote attackers to execute arbitrary code or cause a denial-of-service condition on affected devices.

CVE-2024-5988 and CVE-2024-5989

The most severe of these vulnerabilities, CVE-2024-5988 and CVE-2024-5989, have been assigned a CVSS score of 9.8, indicating a critical severity level. These vulnerabilities stem from improper input validation, which could be exploited by unauthenticated attackers to send malicious messages that trigger remote code execution. This could allow attackers to gain full control of the targeted system, potentially leading to data breaches, operational disruptions, or even physical damage to industrial processes.

The third vulnerability, CVE-2024-5990, has a CVSS score of 7.5 and could enable attackers to cause a denial-of-service condition on affected devices. While not as severe as the remote code execution vulnerabilities, this flaw could still disrupt operations and cause significant downtime.

These vulnerabilities impact multiple versions of ThinManager ThinServer, specifically versions 11.1.0 through 13.2.0. Below is a summary of affected and corrected software versions:

  • ThinManager ThinServer:
    • First Known Vulnerable Versions: 11.1.0, 11.2.0, 12.0.0, 12.1.0, 13.0.0, 13.1.0, 13.2.0
    • Corrected Versions:
      • 11.1.8
      • 11.2.9
      • 12.0.7
      • 12.1.8
      • 13.0.5
      • 13.1.3
      • 13.2.2

Rockwell Automation has released updated versions of ThinManager and ThinServer software that address these vulnerabilities. Users are strongly encouraged to update their software as soon as possible to protect their systems from potential attacks. In addition to updating, Rockwell Automation recommends implementing security best practices, such as limiting remote access to TCP port 2031 and following network segmentation guidelines.