CVE-2024-10386 IMPACT



An authentication
vulnerability exists in the affected product. The vulnerability could allow a
threat actor with network access to send crafted messages to the device, potentially
resulting in database manipulation.
Fixes

Solution

·         If able, navigate to the ThinManager® download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager® 11.2.10 12.0.8 12.1.9 13.0.6  13.1.4  13.2.3  14.0.1


Workaround

·         If able, navigate to the ThinManager® download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager® ·         Implement network hardening for ThinManager® Device(s) by limiting communications to TCP 2031 to only the devices that need connection to the ThinManager® ·         For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability.

History

Tue, 05 Nov 2024 20:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:rockwellautomation:thinmanager:14.0.0:*:*:*:*:*:*:*

Fri, 25 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation thinmanager
CPEs cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
Vendors & Products Rockwellautomation
Rockwellautomation thinmanager
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 25 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
Description CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation.
Title Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Rockwell

Published:

Updated: 2024-10-25T20:17:55.566Z

Reserved: 2024-10-25T12:38:28.748Z

Link: CVE-2024-10386

cve-icon Vulnrichment

Updated: 2024-10-25T20:17:38.312Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-25T17:15:03.987

Modified: 2024-11-05T20:07:59.487

Link: CVE-2024-10386

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.