FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-5989

Improper Input Validation (CWE-20)

Published: Jun 25, 2024 / Updated: 4mo ago

010
CVSS 9.3EPSS 0.04%Critical
CVE info copied to clipboard

Summary

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.

Impact

This vulnerability allows unauthenticated attackers to execute arbitrary code remotely on affected Rockwell Automation ThinManager ThinServer systems. The successful exploitation could lead to complete system compromise, allowing attackers to run malicious commands, access sensitive data, or potentially gain control over the industrial control systems managed by ThinServer. The CVSS v4 base score is 9.3 (CRITICAL), with high impacts on confidentiality, integrity, and availability.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Rockwell Automation has released an advisory (SD1677) addressing this vulnerability, with patch details added on 2024-06-25.

Mitigation

1. Apply the patch provided by Rockwell Automation as soon as possible. 2. Implement strong input validation and sanitization for all user-supplied data. 3. Use parameterized queries or prepared statements to prevent SQL injection. 4. Apply the principle of least privilege to limit the potential impact of successful attacks. 5. Implement network segmentation to isolate ThinServer systems from untrusted networks. 6. Monitor systems for suspicious activities and implement intrusion detection/prevention systems. 7. Keep the ThinManager ThinServer software updated with the latest security patches.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

Vendor Advisory

Rockwell Automation released a security advisory (SD1677).

Jun 25, 2024 at 4:00 PM
First Article

Feedly found the first article mentioning CVE-2024-5989. See article

Jun 25, 2024 at 4:06 PM / Tenable Research Advisories
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jun 25, 2024 at 4:08 PM
CVE Assignment

NVD published the first details for CVE-2024-5989

Jun 25, 2024 at 4:15 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (200987)

Jun 25, 2024 at 11:15 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.1%)

Jun 26, 2024 at 10:03 AM
CVSS

A CVSS base score of 9.3 has been assigned.

Aug 8, 2024 at 11:55 PM / rockwellautomation
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.4%)

Aug 8, 2024 at 11:55 PM
CVSS

A CVSS base score of 9.8 has been assigned.

Sep 16, 2024 at 12:10 PM / nvd
Static CVE Timeline Graph

Affected Systems

Rockwellautomation/thinserver
+null more

Patches

Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

Vendor Advisory

ThinManager® ThinServer™ Improper Input Validation Vulnerabilities
Rockwell Automation / 4mo
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the affected device. Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the affected device.

References

ThinManager® ThinServer™ Improper Input Validation Vulnerabilities
Rockwell Automation / 4mo
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the affected device. Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the affected device.

News

Update Thu Jul 18 14:34:34 UTC 2024
Recent Commits to cve:main / 4mo
Update Thu Jul 18 14:34:34 UTC 2024
Rockwell Automation patches critical flaws in ThinManager ThinServer
BeyondMachines / 4mo
Take action: If you are using Rockwell Automation ThinManager ThinServer first make sure that its TCP Port 2031 can only be accessed from known thin clients and ThinManager servers. Rockwell Automation's ThinManager ThinServer is a centralized management platform designed to streamline the control and security of thin client terminals within industrial environments.
Critical Vulnerabilities Uncovered in Rockwell Automation's ThinManager: Immediate Action Required
Talkback Home / 4mo
The most severe of these vulnerabilities, CVE-2024-5988 and CVE-2024-5989, have been assigned a CVSS score of 9.8
Critical Vulnerabilities Uncovered in Rockwell Automation’s ThinManager: Immediate Action Required
Vulnerability Archives • Cybersecurity News / 4mo
These vulnerabilities, discovered and reported by security researchers at Tenable Network Security, tracked as CVE-2024-5988, CVE-2024-5989, and CVE-2024-5990, could potentially allow remote attackers to execute arbitrary code or cause a denial-of-service condition on affected devices. Rockwell Automation, a global leader in industrial automation and digital transformation, has issued a security advisory urging users of its ThinManager software to update to the latest versions following the discovery of three critical vulnerabilities.
CVE-2024-5989
Newest CVEs from Tenable / 4mo
Critical Severity Description Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. Read more at https://www.tenable.com/cve/CVE-2024-5989
See 9 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

CVSS 9.8(27010)CWE-20(11385)Rockwellautomation(278)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial