PatchSiren cyber security CVE debrief
CVE-2024-10386 Rockwell Automation CVE debrief
A critical authentication vulnerability in Rockwell Automation FactoryTalk ThinManager allows unauthenticated network attackers to send crafted messages that may result in database manipulation. The flaw affects multiple ThinManager versions from 11.2.0 through 14.0.0. Rockwell Automation has released patches for all affected versions.
- Vendor: Rockwell Automation
- Product: ThinManager
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-10-31
- Original CVE updated: 2024-10-31
- Advisory published: 2024-10-31
- Advisory updated: 2024-10-31
Who should care
Organizations running Rockwell Automation FactoryTalk ThinManager versions 11.2.0 through 14.0.0, particularly in industrial control system (ICS) environments where ThinManager manages thin client deployments for manufacturing, process control, and critical infrastructure operations.
Technical summary
The vulnerability exists in the authentication mechanism of FactoryTalk ThinManager. A threat actor with network access to the ThinManager server can send crafted messages to it without authenticating, potentially resulting in manipulation of the ThinManager database. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates that the flaw is exploitable over the network with low attack complexity, requires no privileges and no user interaction, leaves scope unchanged, and has high impact on confidentiality, integrity, and availability.
Defensive priority
critical
Recommended defensive actions
- Apply vendor patches immediately from the FactoryTalk ThinManager download site for affected versions: 11.2.x before 11.2.9, 12.0.x before 12.0.7, 12.1.x before 12.1.8, 13.0.x before 13.0.5, 13.1.x before 13.1.3, 13.2.x
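As an added example (not from the PatchSiren debrief or from Rockwell Automation), the script below turns the fixed-version list above into a triage check: given the version string a ThinManager server reports, it says whether that install is patched, vulnerable and which release to move to, or out of the listed range. The debrief's list is cut off after "13.2.x", so for the 13.2 branch and for 14.0.0 the script only reports "affected, fixed version not listed here" rather than guessing a release. How the version string is collected (the ThinManager server's About dialog, an inventory export, or an agent) is left to the reader; the inventory lines in the usage section are constructed.

```python
"""Added example: triage installed ThinManager versions against the fixed
versions listed in the PatchSiren debrief for CVE-2024-10386.

Not code from the debrief or from Rockwell Automation. Only version data
that appears on the debrief page is encoded here; branches whose fixed
version is truncated on the page are flagged, not guessed.
"""
import re

# Branch -> first fixed release, exactly as the debrief lists them.
FIXED = {
    (11, 2): (11, 2, 9),
    (12, 0): (12, 0, 7),
    (12, 1): (12, 1, 8),
    (13, 0): (13, 0, 5),
    (13, 1): (13, 1, 3),
}
# Branches the debrief names as affected but whose fixed version is cut off.
AFFECTED_FIX_UNKNOWN = {(13, 2), (14, 0)}
# Outer bounds of the affected range from the debrief summary (11.2.0 through 14.0.0).
FIRST_AFFECTED = (11, 2, 0)
LAST_AFFECTED = (14, 0, 0)


def parse_version(text: str) -> tuple:
    """Accept '13.1.2', 'v13.1.2' or '13.1.2.0'; a fourth build field is ignored."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised ThinManager version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def fmt(v: tuple) -> str:
    return ".".join(str(n) for n in v)


def classify(text: str) -> str:
    """Return a one-line verdict for one installed version."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return "below affected range; not in scope of this CVE"
    if v > LAST_AFFECTED:
        return "newer than the versions the debrief lists as affected; confirm with vendor advisory"
    branch = v[:2]
    if branch in FIXED:
        fixed = FIXED[branch]
        return "patched" if v >= fixed else f"vulnerable, upgrade to {fmt(fixed)}"
    if branch in AFFECTED_FIX_UNKNOWN:
        return "affected per debrief; fixed version not listed here, check vendor advisory"
    return "branch not listed in debrief; confirm with vendor advisory"


def triage(inventory: dict) -> dict:
    """Map host name -> verdict; parse failures are reported, not raised."""
    out = {}
    for host, version in inventory.items():
        try:
            out[host] = classify(version)
        except ValueError as e:
            out[host] = f"unparseable version: {e}"
    return out


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    sample = {
        "tm-cell-a": "13.1.2",
        "tm-cell-b": "13.1.3",
        "tm-legacy": "11.2.8",
        "tm-pilot": "14.0.0",
        "tm-odd": "build-13",
    }
    for host, verdict in triage(sample).items():
        print(f"{host:10s} {sample[host]:10s} {verdict}")
```

Treat "vulnerable" and "affected" results the same way operationally: both are unauthenticated, network-reachable, critical-severity exposures until the server is on a fixed release.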
Evidence notes
CISA published advisory ICSA-24-305-01 on 2024-10-31 with CVSS 3.1 score 9.8 (Critical). The vulnerability is an authentication bypass allowing network-based attackers to manipulate the ThinManager database without credentials.
Official resources
- CVE-2024-10386 CVE record (CVE.org)
- CVE-2024-10386 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-10-31