

Severity
High
Analysis Summary
CVE-2024-7988 CVSS:9.8
Rockwell Automation ThinManager ThinServer could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
CVE-2024-7987 CVSS:7.8
Rockwell Automation ThinManager ThinServer could allow a local authenticated attacker to gain elevated privileges on the system, caused by the lack of proper access controls set on resources within the ThinServer service which listens on TCP port 2031 by default. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
CVE-2024-7986 CVSS:5.5
Rockwell Automation ThinManager ThinServer could allow a remote authenticated attacker to obtain sensitive information, caused by the lack of proper access controls set on resources used by the service. An attacker could exploit this vulnerability to read files in the context of SYSTEM and obtain sensitive information.
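The class of flaw behind CVE-2024-7988, improper validation of file extensions, is easiest to see by putting a deny-list check beside an allow-list check on a normalised name. This is an added example, not Rockwell Automation's code: the allowed extensions, function names and sample file names are constructed assumptions, and the advisory does not say how ThinServer's own check fails.

```python
import os
import re
import unicodedata

# Assumption: the types this hypothetical upload feature needs (not ThinServer's list).
ALLOWED_EXTENSIONS = {".png", ".jpg", ".bmp"}
SAFE_STEM = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")

def weak_is_allowed(filename: str) -> bool:
    """Deny-list check: exact, case-sensitive suffix match on one extension."""
    return not filename.endswith(".php")

def strict_is_allowed(filename: str) -> bool:
    """Allow-list check on a normalised name; anything ambiguous is rejected."""
    name = unicodedata.normalize("NFKC", filename)
    # Control characters (NUL included) can truncate the name in lower layers.
    if any(ord(c) < 32 for c in name):
        return False
    # Path separators, and ':' which names drives and NTFS alternate data streams.
    if any(c in name for c in "/\\:"):
        return False
    # Windows strips trailing dots and spaces when it creates the file.
    if name != name.rstrip(". "):
        return False
    stem, ext = os.path.splitext(name)
    if ext.lower() not in ALLOWED_EXTENSIONS:
        return False
    # The stem may not contain dots, so a double extension is rejected as well.
    return SAFE_STEM.fullmatch(stem) is not None

# Constructed sample names for illustration only.
SAMPLES = ["logo.png", "shell.php", "shell.PHP", "shell.php.", "shell.phtml",
           "shell.php::$DATA", "a.php.png", "..\\logo.png"]

def compare(names):
    """Return {name: (weak_result, strict_result)} for each name."""
    return {n: (weak_is_allowed(n), strict_is_allowed(n)) for n in names}

if __name__ == "__main__":
    for name, (weak, strict) in compare(SAMPLES).items():
        print(f"{name!r:22} weak={weak!s:5} strict={strict}")
```

An allow-list is only one layer: storing uploads under a server-generated name in a directory the web server never executes from limits the damage if a check is wrong.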
Impact
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-7988
- CVE-2024-7987
- CVE-2024-7986
Affected Vendors
- Rockwell Automation
Affected Products
- Rockwell Automation ThinManager ThinServer 11.1.0
- Rockwell Automation ThinManager ThinServer 13.2.1
Remediation
Refer to the Rockwell Automation security advisory for patch, upgrade, or suggested workaround information.