July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
CVE-2024-20787 – Adobe Substance 3D Painter Vulnerability
October 28, 2024Vidar Malware – Active IOCs
October 28, 2024CVE-2024-20787 – Adobe Substance 3D Painter Vulnerability
October 28, 2024Vidar Malware – Active IOCs
October 28, 2024
Severity
High
Analysis Summary
CVE-2024-10386 CVSS:9.8
Rockwell Automation FactoryTalk ThinManage could allow a remote attacker to bypass security restrictions, caused by authentication vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions to manipulate database.
CVE-2024-10387 CVSS:7.5
A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service.
Impact
- Denial of Service
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-10386
- CVE-2024-10387
Affected Vendors
Rockwell Automation
Affected Products
- Rockwell Automation FactoryTalk ThinManager - 11.2.0-11.2.9 - 12.0.0-12.0.7 - 12.1.0-12.1.8 - 13.0.0-13.0.5 - 13.1.0-13.1.3 - 13.2.0-13.2.2 - 14.0.0
Remediation
Refer to Rockwell Automation Security Advisory for patch, upgrade or suggested workaround information.