CVE-2024-7988 (CVSS 9.8): Rockwell Automation’s ThinManager Flaw Allows RCE

Rockwell Automation ThinManager ThinServer CVE-2024-7988

Rockwell Automation has issued a critical security advisory concerning multiple vulnerabilities discovered in its ThinManager ThinServer software. These vulnerabilities, reported by Nicholas Zubrisky of Trend Micro Security Research, identified as CVE-2024-7986, CVE-2024-7987, and CVE-2024-7988, pose significant risks to systems running affected versions of the software. The vulnerabilities range in severity, with CVSS scores as high as 9.8, highlighting the urgent need for users to apply the necessary patches.

Vulnerabilities and Their Impact:

The advisory details three specific vulnerabilities:

  • CVE-2024-7986 (CVSS 5.5): This vulnerability enables threat actors to disclose sensitive information by abusing the ThinServer service to read arbitrary files.
  • CVE-2024-7987 (CVSS 7.8): A more severe vulnerability, this flaw allows remote code execution with System privileges. Attackers can exploit this by creating a junction and using it to upload arbitrary files.
  • CVE-2024-7988 (CVSS 9.8): The most critical of the three, this vulnerability also leads to remote code execution with System privileges. It arises due to improper data input validation, allowing files to be overwritten.

The potential impact of these vulnerabilities is significant. Successful exploitation could lead to unauthorized access to sensitive data, system compromise, and disruption of critical industrial operations.

Affected Versions and Remediation:

The vulnerabilities affect a wide range of ThinManager ThinServer versions, spanning from 11.1.0 to 13.2.1. Rockwell Automation has released patches to address these issues and strongly urges users to update their ThinServer installations to the latest versions as soon as possible.

Affected Product First Known in software version Corrected in software version
ThinManager® ThinServer™ 11.1.0-11.1.7
11.2.0-11.2.8
12.0.0-12.0.6
12.1.0-12.1.7
13.0.0-13.0.4
13.1.0-13.1.2
13.2.0-13.2.1
11.1.8

11.2.9

12.0.7

12.1.8

13.0.5

13.1.3

13.2.2

Call to Action:

Organizations utilizing ThinManager ThinServer in their industrial environments should prioritize applying the available patches immediately. The severity of these vulnerabilities, particularly the potential for remote code execution, necessitates swift action to protect critical infrastructure and data.

Related Posts: