FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-5990

Improper Input Validation (CWE-20)

Published: Jun 25, 2024 / Updated: 4mo ago

010
CVSS 8.7EPSS 0.04%High
CVE info copied to clipboard

Summary

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.

Impact

This vulnerability could allow an unauthenticated attacker to cause a denial-of-service condition on the affected Rockwell Automation ThinServer™ device. This could potentially disrupt operations and lead to system unavailability, impacting the normal functioning of the industrial control systems that rely on ThinServer™. The CVSS v4 base score for this vulnerability is 8.7 (HIGH severity), with the following key metrics: Attack Vector: Network, Attack Complexity: Low, Privileges Required: None, User Interaction: None, and Availability Impact: High. This indicates that the vulnerability is easily exploitable and can cause significant disruption to system availability.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch for this vulnerability is available. According to the patch details, Rockwell Automation has released an advisory titled "ThinManager® ThinServer™ Improper Input Validation Vulnerability" on June 25, 2024. The security team should review and apply this patch as soon as possible.

Mitigation

While specific mitigation steps are not provided in the given data, general recommendations for this type of vulnerability include: 1. Implement network segmentation to limit access to the affected ThinServer™ devices. 2. Use firewalls or other network security measures to restrict incoming traffic to these devices. 3. Monitor for unusual traffic or behavior targeting the ThinServer™ devices. 4. Apply the available patch from Rockwell Automation as soon as possible after appropriate testing. 5. Consider implementing additional input validation mechanisms if possible at the network or application level to filter out malicious messages. 6. Regularly check for updates and security advisories from Rockwell Automation regarding ThinManager® and ThinServer™ products.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

Vendor Advisory

Rockwell Automation released a security advisory (SD1677).

Jun 25, 2024 at 4:00 PM
First Article

Feedly found the first article mentioning CVE-2024-5990. See article

Jun 25, 2024 at 4:06 PM / Tenable Research Advisories
CVE Assignment

NVD published the first details for CVE-2024-5990

Jun 25, 2024 at 4:15 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jun 25, 2024 at 4:16 PM
Trending

This CVE started to trend in security discussions

Jun 25, 2024 at 9:41 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (200986)

Jun 25, 2024 at 11:15 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.1%)

Jun 26, 2024 at 10:03 AM
Trending

This CVE stopped trending in security discussions

Jun 28, 2024 at 4:45 PM
CVSS

A CVSS base score of 8.7 has been assigned.

Aug 8, 2024 at 11:55 PM / rockwellautomation
Static CVE Timeline Graph

Affected Systems

Rockwellautomation/thinserver
+null more

Patches

ThinManager® ThinServer™ Improper Input Validation Vulnerability
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

Vendor Advisory

ThinManager® ThinServer™ Improper Input Validation Vulnerabilities
Rockwell Automation / 4mo
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the affected device. Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the affected device.

References

ThinManager® ThinServer™ Improper Input Validation Vulnerabilities
Rockwell Automation / 4mo
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the affected device. Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the affected device.

News

Update Fri Jul 19 22:28:32 UTC 2024
Recent Commits to cve:main / 4mo
Update Fri Jul 19 22:28:32 UTC 2024
Rockwell Automation patches critical flaws in ThinManager ThinServer
BeyondMachines / 4mo
Take action: If you are using Rockwell Automation ThinManager ThinServer first make sure that its TCP Port 2031 can only be accessed from known thin clients and ThinManager servers. Rockwell Automation's ThinManager ThinServer is a centralized management platform designed to streamline the control and security of thin client terminals within industrial environments.
Critical Vulnerabilities Uncovered in Rockwell Automation's ThinManager: Immediate Action Required
Talkback Home / 4mo
The most severe of these vulnerabilities, CVE-2024-5988 and CVE-2024-5989, have been assigned a CVSS score of 9.8
Critical Vulnerabilities Uncovered in Rockwell Automation’s ThinManager: Immediate Action Required
Vulnerability Archives • Cybersecurity News / 4mo
These vulnerabilities, discovered and reported by security researchers at Tenable Network Security, tracked as CVE-2024-5988, CVE-2024-5989, and CVE-2024-5990, could potentially allow remote attackers to execute arbitrary code or cause a denial-of-service condition on affected devices. Rockwell Automation, a global leader in industrial automation and digital transformation, has issued a security advisory urging users of its ThinManager software to update to the latest versions following the discovery of three critical vulnerabilities.
CVE-2024-5990
Newest CVEs from Tenable / 4mo
Critical Severity Description Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. Read more at https://www.tenable.com/cve/CVE-2024-5990
See 9 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:None
Availability Impact:High

Categories

CVSS 7.5(51562)CWE-20(11385)Rockwellautomation(278)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial