Rewterz

Microsoft Addresses ASCII Smuggling Bug That Allowed Data Theft from Microsoft 365 Copilot

August 27, 2024
Rewterz

CVE-2024-28000 – WordPress LiteSpeed Technologies LiteSpeed Cache Plugin Vulnerability

August 27, 2024

ICS: Multiple Rockwell Automation ThinManager ThinServer Zero-Day Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-7988 CVSS:9.8

Rockwell Automation ThinManager ThinServer could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.

CVE-2024-7987 CVSS:7.8

Rockwell Automation ThinManager ThinServer could allow a local authenticated attacker to gain elevated privileges on the system, caused by the lack of proper access controls set on resources within the ThinServer service which listens on TCP port 2031 by default. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

CVE-2024-7986 CVSS:5.5

Rockwell Automation ThinManager ThinServer could allow a remote authenticated attacker to obtain sensitive information, caused by the lack of proper access controls set on resources used by the service. An attacker could exploit this vulnerability to read files in the context of the SYSTEM and obtain sensitive information.

Impact

  • Privilege Escalation
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-7988
  • CVE-2024-7987
  • CVE-2024-7986

Affected Vendors

Rockwell Automation

Affected Products

  • Rockwell Automation ThinManager ThinServer 11.1.0
  • Rockwell Automation ThinManager ThinServer 13.2.1

Remediation

Refer to Rockwell Automation Security Advisory for patch, upgrade or suggested workaround information.

Rockwell Automation Security Advisory

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.