Vulnerabilities > Rockwellautomation > Thinmanager

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-45826 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Rockwellautomation Thinmanager 13.1.0/13.2.0
CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request.
network
low complexity
rockwellautomation CWE-610
8.8
2024-06-25 CVE-2024-5988 Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
network
low complexity
rockwellautomation
critical
9.8
2024-06-25 CVE-2024-5989 Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
network
low complexity
rockwellautomation
critical
9.8
2024-06-25 CVE-2024-5990 Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.
network
low complexity
rockwellautomation
7.5
2023-07-18 CVE-2023-2913 Path Traversal vulnerability in Rockwellautomation Thinmanager 13.0.0/13.0.1/13.0.2
An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings.
network
low complexity
rockwellautomation CWE-22
6.5
2023-05-11 CVE-2023-2443 Inadequate Encryption Strength vulnerability in Rockwellautomation Thinmanager
Rockwell Automation ThinManager product allows the use of medium strength ciphers.
network
low complexity
rockwellautomation CWE-326
7.5
2023-03-22 CVE-2023-27857 Out-of-bounds Read vulnerability in Rockwellautomation Thinmanager
In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer.  An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.
network
low complexity
rockwellautomation CWE-125
7.5
2023-03-22 CVE-2023-27855 Path Traversal vulnerability in Rockwellautomation Thinmanager
In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer.
network
low complexity
rockwellautomation CWE-22
critical
9.8
2023-03-22 CVE-2023-27856 Path Traversal vulnerability in Rockwellautomation Thinmanager
In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer.
network
low complexity
rockwellautomation CWE-22
7.5