National Cyber Warfare Foundation (NCWF) Forums


Rockwell Automation ThinManager Flaw Let Attackers Execute Remote Code


0 user ratings
2024-08-28 06:34:15
milo
Red Team (CNA)

Rockwell Automation’s ThinManager ThinServer has been found to contain multiple critical vulnerabilities that could allow attackers to execute remote code. Nicholas Zubrisky of Trend Micro Security Research discovered the flaws, identified as CVE-2024-7986, CVE-2024-7987, and CVE-2024-7988, and published a detailed advisory. Vulnerability Overview The vulnerabilities affect several versions of ThinManager ThinServer, a widely used platform […]


The post Rockwell Automation ThinManager Flaw Let Attackers Execute Remote Code appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



Rockwell Automation’s ThinManager ThinServer has been found to contain multiple critical vulnerabilities that could allow attackers to execute remote code.





Nicholas Zubrisky of Trend Micro Security Research discovered the flaws, identified as CVE-2024-7986, CVE-2024-7987, and CVE-2024-7988, and published a detailed advisory.





Vulnerability Overview





The vulnerabilities affect several versions of ThinManager ThinServer, a widely used platform for centralized management of thin client networks.





The flaws have been assigned CVSS scores ranging from 5.5 to 9.8, indicating varying levels of severity.





Table: Affected Products and Solutions





Affected ProductFirst Known VersionCorrected Version
ThinManager® ThinServer™11.1.0-11.1.711.1.8
11.2.0-11.2.811.2.9
12.0.0-12.0.612.0.7
12.1.0-12.1.712.1.8
13.0.0-13.0.413.0.5
13.1.0-13.1.213.1.3
13.2.0-13.2.113.2.2




Detailed Analysis of Vulnerabilities





CVE-2024-7986: Information Disclosure





This vulnerability allows attackers to disclose sensitive information by exploiting the ThinServer service.





Threat actors can read arbitrary files by creating a junction that points to a target directory. The flaw is rated with a CVSS score of 5.5 (v3.1) and 6.8 (v4.0), indicating a moderate risk. The vulnerability is linked to CWE-269, which involves improper privilege management.





Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial





CVE-2024-7987: Remote Code Execution





CVE-2024-7987 is a more severe flaw, enabling attackers to execute arbitrary code with system privileges.





By abusing the ThinServer service, attackers can upload arbitrary files, potentially compromising entire systems.





This vulnerability has a CVSS score of 7.8 (v3.1) and 8.5 (v4.0), highlighting its critical nature.





CVE-2024-7988: Critical Remote Code Execution





The most critical of the three, CVE-2024-7988, allows for remote code execution due to improper input validation.





This flaw can lead to file overwriting, posing a significant threat to system integrity. It has been assigned a CVSS score of 9.8 (v3.1) and 9.3 (v4.0).





Rockwell Automation has urged users to update the corrected software versions in the table above.





Implementing security best practices and staying informed about potential threats are also recommended to minimize risk.





The company emphasizes the importance of stakeholder-specific vulnerability categorization to prioritize security efforts effectively.





These vulnerabilities pose serious risks to industrial systems, so immediate action is advised to protect sensitive data and maintain operational integrity.





Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial


The post Rockwell Automation ThinManager Flaw Let Attackers Execute Remote Code appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



Source: gbHackers
Source Link: https://gbhackers.com/rockwell-automation-thinmanage/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.