Rewterz

ICS: Multiple Rockwell Automation FactoryTalk Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-10386 CVSS:9.8

Rockwell Automation FactoryTalk ThinManager could allow a remote attacker to bypass security restrictions, caused by an authentication vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions and manipulate the database.

CVE-2024-10387 CVSS:7.5

A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service.

Impact

  • Denial of Service
  • Security Bypass

Indicators of Compromise

CVE

  • CVE-2024-10386
  • CVE-2024-10387

Affected Vendors

Rockwell Automation

Affected Products

  • Rockwell Automation FactoryTalk ThinManager: 11.2.0-11.2.9, 12.0.0-12.0.7, 12.1.0-12.1.8, 13.0.0-13.0.5, 13.1.0-13.1.3, 13.2.0-13.2.2, 14.0.0
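
To triage an asset inventory against the ranges listed above, the following added example (not part of the original advisory or any Rockwell Automation tooling) labels each reported ThinManager version as affected, not listed, or unparseable. The hostnames and version strings are constructed, and treating a missing patch component as 0 and ignoring build suffixes are assumptions; a "not-listed" result only means the version is outside the ranges on this page.

```python
import re

# Inclusive (low, high) ranges copied from "Affected Products" in this advisory.
AFFECTED_RANGES = [
    ((11, 2, 0), (11, 2, 9)),
    ((12, 0, 0), (12, 0, 7)),
    ((12, 1, 0), (12, 1, 8)),
    ((13, 0, 0), (13, 0, 5)),
    ((13, 1, 0), (13, 1, 3)),
    ((13, 2, 0), (13, 2, 2)),
    ((14, 0, 0), (14, 0, 0)),
]

# major.minor[.patch] with an optional leading "v" and an optional trailing build suffix.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[.\-+ ].*)?$", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a version.
    Assumption: a missing patch component counts as 0; build suffixes are ignored."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def is_listed_affected(text):
    """True/False for parseable versions, None when the version cannot be parsed."""
    v = parse_version(text)
    if v is None:
        return None
    return any(low <= v <= high for low, high in AFFECTED_RANGES)

def triage(inventory):
    """Map each host to 'affected', 'not-listed' or 'unknown' (needs manual review)."""
    labels = {True: "affected", False: "not-listed", None: "unknown"}
    return {host: labels[is_listed_affected(ver)] for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "tm-plant-a": "13.1.2",
    "tm-plant-b": "12.1.9",
    "tm-lab": "14.0.0.1234",
    "tm-old": "unknown build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts labelled "unknown" should be checked by hand rather than assumed unaffected.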

Remediation

Refer to the Rockwell Automation Security Advisory for patch, upgrade, or suggested workaround information.

Rockwell Automation Security Advisory