{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10386", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2024-10-25T12:38:28.748Z", "datePublished": "2024-10-25T17:04:34.000Z", "dateUpdated": "2024-10-25T20:17:55.566Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FactoryTalk ThinManager", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "11.2.0-11.2.9"}, {"status": "affected", "version": "12.0.0-12.0.7"}, {"status": "affected", "version": "12.1.0-12.1.8"}, {"status": "affected", "version": "13.0.0-13.0.5"}, {"status": "affected", "version": "13.1.0-13.1.3"}, {"status": "affected", "version": "13.2.0-13.2.2"}, {"status": "affected", "version": "14.0.0"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Tenable Network Security"}], "datePublic": "2024-10-25T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><b><u>CVE-2024-10386 IMPACT</u></b><u></u></p>\n\n<p>An authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation.</p>"}], "value": "CVE-2024-10386 IMPACT\n\n\n\nAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-10-25T17:04:34.000Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: var(--wht);\">\u00b7 &nbsp; &nbsp; &nbsp; &nbsp;\nIf able,\nnavigate to the </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\">ThinManager\u00ae download site</a><span style=\"background-color: var(--wht);\"> and upgrade to a corrected version of ThinManager\u00ae</span>\n\n<br><br><p>11.2.10<br>\n</p>\n\n<p>12.0.8<br>\n</p>\n\n<p>12.1.9<br>\n</p>\n\n<p>13.0.6&nbsp;</p>\n\n\n\n<p>13.1.4&nbsp;</p>\n\n\n\n<p>13.2.3&nbsp;</p>\n\n\n\n<p>14.0.1</p>\n\n\n\n\n\n<br>"}], "value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nIf able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n11.2.10\n\n\n\n\n\n12.0.8\n\n\n\n\n\n12.1.9\n\n\n\n\n\n13.0.6\u00a0\n\n\n\n\n\n13.1.4\u00a0\n\n\n\n\n\n13.2.3\u00a0\n\n\n\n\n\n14.0.1"}], "source": {"discovery": "EXTERNAL"}, "title": "Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: var(--wht);\">\u00b7 &nbsp; &nbsp; &nbsp; &nbsp;\nIf able,\nnavigate to the </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\">ThinManager\u00ae download site</a><span style=\"background-color: var(--wht);\"> and upgrade to a corrected version of ThinManager\u00ae</span></p>\n\n<p>\u00b7 &nbsp; &nbsp; &nbsp; &nbsp;\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae</p>\n\n<p>\u00b7 &nbsp; &nbsp; &nbsp; &nbsp;\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">security best\npractices</a> to\nminimize the risk of the vulnerability.</p>\n\n\n\n\n\n<br>"}], "value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nIf able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested security best\npractices to\nminimize the risk of the vulnerability."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "rockwellautomation", "product": "thinmanager", "cpes": ["cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "11.2.0", "status": "affected", "lessThanOrEqual": "11.2.9", "versionType": "custom"}, {"version": "12.0.0", "status": "affected", "lessThanOrEqual": "12.0.7", "versionType": "custom"}, {"version": "12.1.0", "status": "affected", "lessThanOrEqual": "12.1.8", "versionType": "custom"}, {"version": "13.0.0", "status": "affected", "lessThanOrEqual": "13.0.5", "versionType": "custom"}, {"version": "13.1.0", "status": "affected", "lessThanOrEqual": "13.1.3", "versionType": "custom"}, {"version": "13.2.0", "status": "affected", "lessThanOrEqual": "13.2.2", "versionType": "custom"}, {"version": "14.0.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-25T20:14:39.256573Z", "id": "CVE-2024-10386", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T20:17:55.566Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-10386", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-25T20:14:39.256573Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "thinmanager", "versions": [{"status": "affected", "version": "11.2.0", "versionType": "custom", "lessThanOrEqual": "11.2.9"}, {"status": "affected", "version": "12.0.0", "versionType": "custom", "lessThanOrEqual": "12.0.7"}, {"status": "affected", "version": "12.1.0", "versionType": "custom", "lessThanOrEqual": "12.1.8"}, {"status": "affected", "version": "13.0.0", "versionType": "custom", "lessThanOrEqual": "13.0.5"}, {"status": "affected", "version": "13.1.0", "versionType": "custom", "lessThanOrEqual": "13.1.3"}, {"status": "affected", "version": "13.2.0", "versionType": "custom", "lessThanOrEqual": "13.2.2"}, {"status": "affected", "version": "14.0.0"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T20:17:38.312Z"}}], "cna": {"title": "Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Tenable Network Security"}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rockwell Automation", "product": "FactoryTalk ThinManager", "versions": [{"status": "affected", "version": "11.2.0-11.2.9"}, {"status": "affected", "version": "12.0.0-12.0.7"}, {"status": "affected", "version": "12.1.0-12.1.8"}, {"status": "affected", "version": "13.0.0-13.0.5"}, {"status": "affected", "version": "13.1.0-13.1.3"}, {"status": "affected", "version": "13.2.0-13.2.2"}, {"status": "affected", "version": "14.0.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nIf able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n11.2.10\n\n\n\n\n\n12.0.8\n\n\n\n\n\n12.1.9\n\n\n\n\n\n13.0.6\u00a0\n\n\n\n\n\n13.1.4\u00a0\n\n\n\n\n\n13.2.3\u00a0\n\n\n\n\n\n14.0.1", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: var(--wht);\">\u00b7 &nbsp; &nbsp; &nbsp; &nbsp;\nIf able,\nnavigate to the </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\">ThinManager\u00ae download site</a><span style=\"background-color: var(--wht);\"> and upgrade to a corrected version of ThinManager\u00ae</span>\n\n<br><br><p>11.2.10<br>\n</p>\n\n<p>12.0.8<br>\n</p>\n\n<p>12.1.9<br>\n</p>\n\n<p>13.0.6&nbsp;</p>\n\n\n\n<p>13.1.4&nbsp;</p>\n\n\n\n<p>13.2.3&nbsp;</p>\n\n\n\n<p>14.0.1</p>\n\n\n\n\n\n<br>", "base64": false}]}], "datePublic": "2024-10-25T17:00:00.000Z", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html"}], "workarounds": [{"lang": "en", "value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nIf able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested security best\npractices to\nminimize the risk of the vulnerability.", "supportingMedia": [{"type": "text/html", "value": "<p><span style=\"background-color: var(--wht);\">\u00b7 &nbsp; &nbsp; &nbsp; &nbsp;\nIf able,\nnavigate to the </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\">ThinManager\u00ae download site</a><span style=\"background-color: var(--wht);\"> and upgrade to a corrected version of ThinManager\u00ae</span></p>\n\n<p>\u00b7 &nbsp; &nbsp; &nbsp; &nbsp;\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae</p>\n\n<p>\u00b7 &nbsp; &nbsp; &nbsp; &nbsp;\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">security best\npractices</a> to\nminimize the risk of the vulnerability.</p>\n\n\n\n\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "CVE-2024-10386 IMPACT\n\n\n\nAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation.", "supportingMedia": [{"type": "text/html", "value": "<p><b><u>CVE-2024-10386 IMPACT</u></b><u></u></p>\n\n<p>An authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-10-25T17:04:34.000Z"}}}, "cveMetadata": {"cveId": "CVE-2024-10386", "state": "PUBLISHED", "dateUpdated": "2024-10-25T20:17:55.566Z", "dateReserved": "2024-10-25T12:38:28.748Z", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "datePublished": "2024-10-25T17:04:34.000Z", "assignerShortName": "Rockwell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC6CF373-34C9-43AC-B210-2E7C31CEAEFA", "versionEndExcluding": "11.2.10", "versionStartIncluding": "11.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EAE9FF9-28B3-4490-8358-A3636FFDC9C8", "versionEndExcluding": "12.0.8", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "667ACE9F-6074-4300-A90A-5C6F8A06B76A", "versionEndExcluding": "12.1.9", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C56E6406-256A-4774-9FDD-E72625D4B1AA", "versionEndExcluding": "13.0.6", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBC9C4F3-88C5-4FDF-873C-19EB726EFC26", "versionEndExcluding": "13.1.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CB3EC6B-AFAF-4D59-98C6-9BA8E817604B", "versionEndExcluding": "13.2.3", "versionStartIncluding": "13.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:14.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "48214ABF-9E29-4422-A0E6-6AF4AE199D51", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CVE-2024-10386 IMPACT\n\n\n\nAn authentication\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device, potentially\nresulting in database manipulation."}, {"lang": "es", "value": "CVE-2024-10386 IMPACTO Existe una vulnerabilidad de autenticaci\u00f3n en el producto afectado. La vulnerabilidad podr\u00eda permitir que un actor de amenazas con acceso a la red env\u00ede mensajes manipulados al dispositivo, lo que podr\u00eda provocar la manipulaci\u00f3n de la base de datos."}], "id": "CVE-2024-10386", "lastModified": "2024-11-05T20:07:59.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2024-10-25T17:15:03.987", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Vendor Advisory"], "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}

{}