{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5990", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2024-06-13T20:56:10.603Z", "datePublished": "2024-06-25T16:11:01.407Z", "dateUpdated": "2024-08-01T21:25:03.210Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ThinManager\u00ae ThinServer\u2122", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "11.1.0"}, {"status": "affected", "version": "11.2.0"}, {"status": "affected", "version": "12.0.0"}, {"status": "affected", "version": "12.1.0"}, {"status": "affected", "version": "13.0.0"}, {"status": "affected", "version": "13.1.0"}]}], "datePublic": "2024-06-25T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device. </span>\n\n"}], "value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-06-25T16:11:01.407Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n <b></b><table><tbody><tr><td><p>Affected Product</p></td><td><p>CVE</p></td><td><p>First Known in software version</p></td><td><p>Corrected in software version (<b><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">Available Here</a></b>)</p></td></tr><tr><td rowspan=\"2\"><p><b>ThinManager\u00ae ThinServer\u2122</b></p></td><td><p>2024-5988</p><p>2024-5989</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>11.1.0</p><p>11.2.0</p><p>12.0.0</p><p>12.1.0</p><p>13.0.0</p><p>13.1.0</p><p>13.2.0</p></td><td><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.2.9</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.0.7</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.0.5</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.1.3</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.2.2</a></p></td></tr><tr><td><p>2024-5990</p></td><td><p>11.1.0</p><p>11.2.0</p><p>12.0.0</p><p>12.1.0</p><p>13.0.0</p><p>13.1.0</p></td><td><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.2.9</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.0.7</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.0.4</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.1.2</a></p></td></tr></tbody></table><p><b>\n\n</b></p><p><b>Customers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.</b></p><p><b>\u00b7Update to the corrected software versions via the <a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">ThinManager\u00ae Downloads Site</a></b></p><p><b>\u00b7Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.</b></p><p><b>\u00b7 <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></b></p><b>\n\n</b><p></p><br>"}], "value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7Update to the corrected software versions via the ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"}], "source": {"discovery": "EXTERNAL"}, "title": "ThinManager\u00ae ThinServer\u2122 Improper Input Validation Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "rockwellautomation", "product": "thinmanager", "cpes": ["cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "11.1.0", "status": "affected", "lessThan": "11.1.8", "versionType": "custom"}, {"version": "11.2.0", "status": "affected", "lessThan": "11.2.9", "versionType": "custom"}, {"version": "12.0.0", "status": "affected", "lessThan": "12.0.7", "versionType": "custom"}, {"version": "12.1.0", "status": "affected", "lessThan": "12.1.8", "versionType": "custom"}, {"version": "13.0.0", "status": "affected", "lessThan": "13.0.4", "versionType": "custom"}, {"version": "13.1.0", "status": "affected", "lessThan": "13.1.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T13:48:23.344377Z", "id": "CVE-2024-5990", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T17:01:59.269Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.210Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.210Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5990", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T13:48:23.344377Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "thinmanager", "versions": [{"status": "affected", "version": "11.1.0", "lessThan": "11.1.8", "versionType": "custom"}, {"status": "affected", "version": "11.2.0", "lessThan": "11.2.9", "versionType": "custom"}, {"status": "affected", "version": "12.0.0", "lessThan": "12.0.7", "versionType": "custom"}, {"status": "affected", "version": "12.1.0", "lessThan": "12.1.8", "versionType": "custom"}, {"status": "affected", "version": "13.0.0", "lessThan": "13.0.4", "versionType": "custom"}, {"status": "affected", "version": "13.1.0", "lessThan": "13.1.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T17:01:39.721Z"}}], "cna": {"title": "ThinManager\u00ae ThinServer\u2122 Improper Input Validation Vulnerability", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rockwell Automation", "product": "ThinManager\u00ae ThinServer\u2122", "versions": [{"status": "affected", "version": "11.1.0"}, {"status": "affected", "version": "11.2.0"}, {"status": "affected", "version": "12.0.0"}, {"status": "affected", "version": "12.1.0"}, {"status": "affected", "version": "13.0.0"}, {"status": "affected", "version": "13.1.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7Update to the corrected software versions via the ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight", "supportingMedia": [{"type": "text/html", "value": "\n\n <b></b><table><tbody><tr><td><p>Affected Product</p></td><td><p>CVE</p></td><td><p>First Known in software version</p></td><td><p>Corrected in software version (<b><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">Available Here</a></b>)</p></td></tr><tr><td rowspan=\"2\"><p><b>ThinManager\u00ae ThinServer\u2122</b></p></td><td><p>2024-5988</p><p>2024-5989</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>11.1.0</p><p>11.2.0</p><p>12.0.0</p><p>12.1.0</p><p>13.0.0</p><p>13.1.0</p><p>13.2.0</p></td><td><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.2.9</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.0.7</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.0.5</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.1.3</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.2.2</a></p></td></tr><tr><td><p>2024-5990</p></td><td><p>11.1.0</p><p>11.2.0</p><p>12.0.0</p><p>12.1.0</p><p>13.0.0</p><p>13.1.0</p></td><td><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.2.9</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.0.7</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.0.4</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.1.2</a></p></td></tr></tbody></table><p><b>\n\n</b></p><p><b>Customers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.</b></p><p><b>\u00b7Update to the corrected software versions via the <a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">ThinManager\u00ae Downloads Site</a></b></p><p><b>\u00b7Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.</b></p><p><b>\u00b7 <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></b></p><b>\n\n</b><p></p><br>", "base64": false}]}], "datePublic": "2024-06-25T13:00:00.000Z", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device.", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device. </span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-06-25T16:11:01.407Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5990", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:25:03.210Z", "dateReserved": "2024-06-13T20:56:10.603Z", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "datePublished": "2024-06-25T16:11:01.407Z", "assignerShortName": "Rockwell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BC59B57-F8F5-4979-826B-EAA0A8456B2A", "versionEndExcluding": "11.1.8", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "79481998-C98B-4486-A2DC-C4DE324DCA10", "versionEndExcluding": "11.2.9", "versionStartIncluding": "11.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFD553E2-EB04-4D97-AD70-2175933E3DCD", "versionEndExcluding": "12.0.7", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC5BBCD2-0C47-4B48-81DD-D56D5677BFA0", "versionEndExcluding": "12.1.8", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "74B76C09-5C22-4D58-85AC-D9D643F3AB73", "versionEndExcluding": "13.0.4", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2789DF38-D501-415B-8D62-D3B7324B977E", "versionEndExcluding": "13.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "33A7D7B2-945B-48AD-AD65-C1DDD52811DC", "versionEndExcluding": "11.1.8", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "808EDF9D-E721-4513-8AC9-A7B86163F0AE", "versionEndExcluding": "11.2.9", "versionStartIncluding": "11.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D00E4B0-2B55-460B-B394-BE0E379144FA", "versionEndExcluding": "12.0.7", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D2E6604-AED5-4099-B2EB-E33F15095C6A", "versionEndExcluding": "12.1.8", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F115CDD-5656-4133-8976-69C9DE85CED3", "versionEndExcluding": "13.0.4", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "AED71D3B-5B11-48D7-9886-BA221CAB0F14", "versionEndExcluding": "13.1.2", "versionStartIncluding": "13.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer\u2122 and cause a denial-of-service condition on the affected device."}, {"lang": "es", "value": "Debido a una validaci\u00f3n de entrada incorrecta, un actor de amenazas no autenticado puede enviar un mensaje malicioso a un hilo de monitor dentro de Rockwell Automation ThinServer\u2122 y provocar una condici\u00f3n de denegaci\u00f3n de servicio en el dispositivo afectado."}], "id": "CVE-2024-5990", "lastModified": "2024-11-21T09:48:42.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2024-06-25T16:15:25.470", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Vendor Advisory"], "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}