CVE-2024-10386 CRITICAL

CVE-2024-10386: Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability

Vendor Rockwell Automation
Product FactoryTalk ThinManager
Weakness CWE-306 · Missing auth
Published October 25, 2024
Last update October 25, 2024

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

CVE-2024-10386 IMPACT: An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation.

Key dates

02 Disclosure timeline

October 25, 2024 CVE published
October 25, 2024 Record updated