An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation.
Solution
· If able, navigate to the ThinManager® download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager®: 11.2.10, 12.0.8, 12.1.9, 13.0.6, 13.1.4, 13.2.3, 14.0.1
Workaround
· If able, navigate to the ThinManager® download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager®
· Implement network hardening for ThinManager® Device(s) by limiting communications to TCP 2031 to only the devices that need connection to the ThinManager®
· For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability.
Tue, 05 Nov 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:rockwellautomation:thinmanager:14.0.0:*:*:*:*:*:*:* |
Fri, 25 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Rockwellautomation, Rockwellautomation thinmanager | |
CPEs | cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:* | |
Vendors & Products | Rockwellautomation, Rockwellautomation thinmanager | |
Metrics | ssvc | |
Fri, 25 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation. | |
Title | Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability | |
Weaknesses | CWE-306 | |
References | | |
Metrics | cvssV3_1 | |

Status: PUBLISHED
Assigner: Rockwell
Published:
Updated: 2024-10-25T20:17:55.566Z
Reserved: 2024-10-25T12:38:28.748Z
Link: CVE-2024-10386

Updated: 2024-10-25T20:17:38.312Z

Status : Analyzed
Published: 2024-10-25T17:15:03.987
Modified: 2024-11-05T20:07:59.487
Link: CVE-2024-10386
