CVE-2024-7988 CRITICAL

CVE-2024-7988: ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities

Vendor Rockwell Automation
Product ThinManager® ThinServer™
Weakness CWE-20 · Input validation
Published August 26, 2024
Last update August 26, 2024

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten.

Key dates

02Disclosure timeline

August 26, 2024 CVE published
August 26, 2024 Record updated