Rockwellautomation

Thinmanager

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-9065

  • EPSS 0.01%
  • Veröffentlicht 09.09.2025 12:51:42
  • Zuletzt bearbeitet 20.10.2025 19:17:27

A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServ...

5.5

CVE-2025-3618

  • EPSS 0.02%
  • Veröffentlicht 15.04.2025 17:19:53
  • Zuletzt bearbeitet 14.07.2025 19:17:04

A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service ...

7.8

CVE-2025-3617

  • EPSS 0.01%
  • Veröffentlicht 15.04.2025 17:17:25
  • Zuletzt bearbeitet 14.07.2025 19:16:28

A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent direct...

7.5

CVE-2024-10387

  • EPSS 1.88%
  • Veröffentlicht 25.10.2024 17:15:04
  • Zuletzt bearbeitet 05.11.2024 20:05:55

CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service.

9.8

CVE-2024-10386

  • EPSS 2.24%
  • Veröffentlicht 25.10.2024 17:15:03
  • Zuletzt bearbeitet 05.11.2024 20:07:59

CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation.

8.8

CVE-2024-45826

  • EPSS 5.51%
  • Veröffentlicht 12.09.2024 15:18:24
  • Zuletzt bearbeitet 02.10.2024 14:35:38

CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.

7.5

CVE-2024-7986

  • EPSS 0.1%
  • Veröffentlicht 23.08.2024 12:15:03
  • Zuletzt bearbeitet 21.02.2025 19:08:44

A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creati...

9.8

CVE-2024-5989

  • EPSS 2.76%
  • Veröffentlicht 25.06.2024 16:15:25
  • Zuletzt bearbeitet 21.11.2024 09:48:42

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.

7.5

CVE-2024-5990

  • EPSS 0.28%
  • Veröffentlicht 25.06.2024 16:15:25
  • Zuletzt bearbeitet 21.11.2024 09:48:42

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.

9.8

CVE-2024-5988

  • EPSS 4.25%
  • Veröffentlicht 25.06.2024 16:15:24
  • Zuletzt bearbeitet 21.11.2024 09:48:42

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.