Request a Demo
Rewterz
AT&T Confirms Almost All Wireless Customers Impacted by Data Breach
July 15, 2024
Rewterz
HardBit Ransomware 4.0 Avoids Detection by Leveraging Passphrase Protection
July 15, 2024

ICS: Multiple Rockwell Automation Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-5989 CVSS:9.8

Rockwell Automation ThinManager ThinServer could allow a remote attacker to execute arbitrary code on the system, caused by SQL injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-5988 CVSS:9.8

Rockwell Automation ThinManager ThinServer could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-5990 CVSS:7.5

Rockwell Automation ThinManager ThinServer is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted message, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-5659 CVSS:7.5

Rockwell Automation ControlLogix, GuardLogix, and CompactLogix is vulnerable to a denial of service, caused by always-incorrect control flow implementation. By sending abnormal packets to the mDNS port, a remote attacker could exploit this vulnerability to cause a major nonrecoverable fault, leading to a denial of service.

Impact

  • Gain Access
  • Denial of Service

Indicators of Compromise

CVE

  • CVE-2024-5989
  • CVE-2024-5988
  • CVE-2024-5990
  • CVE-2024-5659

Affected Vendors

Rockwell Automation

Affected Products

  • Rockwell Automation ThinManager ThinServer 13.1.0
  • Rockwell Automation ThinManager ThinServer 11.1.0
  • Rockwell Automation ThinManager ThinServer 11.2.0
  • Rockwell Automation ThinManager ThinServer 12.0.0
  • Rockwell Automation ThinManager ThinServer 12.1.0
  • Rockwell Automation ThinManager ThinServer 13.0.0
  • Rockwell Automation ControlLogix 5580 34.011
  • Rockwell Automation GuardLogix 5580 34.011
  • Rockwell Automation CompactLogix 5380 34.011
  • Rockwell Automation Compact GuardLogix 5380 34.011
  • Rockwell Automation CompactLogix 5480 34.011

Remediation

Refer to Rockwell Automation Security Document for patch, upgrade or suggested workaround information.

CVE-2024-5989

CVE-2024-5988

CVE-2024-5990

CVE-2024-5659