PatchSiren cyber security CVE debrief
CVE-2024-45826 Rockwell Automation CVE debrief
A path traversal and remote code execution vulnerability exists in Rockwell Automation ThinManager due to improper input validation when processing crafted POST requests. Successful exploitation allows an authenticated attacker with high privileges to install executable files on affected systems. The vulnerability was disclosed by CISA on September 12, 2024, with patches available for affected versions.
- Vendor: Rockwell Automation
- Product: ThinManager
- CVSS: MEDIUM 6.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-12
- Original CVE updated: 2024-09-12
- Advisory published: 2024-09-12
- Advisory updated: 2024-09-12
Who should care
Organizations operating Rockwell Automation ThinManager in industrial environments, particularly manufacturing, energy, and critical infrastructure sectors. Security teams responsible for OT/ICS asset management, patch management personnel, and network defenders monitoring industrial control systems should prioritize assessment and remediation.
Technical summary
The vulnerability stems from improper input validation in ThinManager's handling of POST requests. An attacker who already holds high privileges (PR:H) can craft a POST request whose file-path parameter escapes the intended directory, allowing executable files to be written to arbitrary locations on the system. The network attack vector (AV:N) and low attack complexity (AC:L) mean the flaw is reachable remotely without special conditions, but the need for user interaction (UI:R) and high privileges holds the overall CVSS score at 6.8 (MEDIUM). If exploited, the impact is severe: complete loss of confidentiality, integrity, and availability (C:H/I:H/A:H).
Defensive priority
HIGH
Recommended defensive actions
- Upgrade ThinManager v13.1.x installations to version 13.1.3 or later
- Upgrade ThinManager v13.2.x installations to version 13.2.2 or later
- If immediate patching is not feasible, apply Rockwell Automation security best practices to reduce attack surface
- Review and restrict network access to ThinManager management interfaces
- Monitor for unauthorized executable installations or unexpected file system changes
- Validate input sanitization on all ThinManager POST request handlers
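The last action above, validating the file-path input that a POST handler accepts, is the generic control that closes this class of bug. The following is an added example written for this debrief; it is not ThinManager code and makes no claim about how ThinManager's handler is structured. It assumes a hypothetical upload root (`UPLOAD_ROOT`) and a hypothetical allow-list of file types, and shows the checks a defender would expect any file-writing handler to perform: reject null bytes, absolute paths, drive letters, and `..` components outright (on either separator, since the product runs on Windows), allow only non-executable types, and confirm containment after normalisation as a final guard. The returned reason string is meant to be logged, which also feeds the monitoring action above.

```python
import os

# Assumed values for the example: a dedicated upload directory and the
# document types the handler is allowed to write. Not ThinManager settings.
UPLOAD_ROOT = "/var/app/uploads"
ALLOWED_SUFFIXES = {".txt", ".cfg", ".json"}
# Executable types that must never be written by a web handler, whatever the allow-list says.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".bat", ".cmd", ".ps1", ".msi", ".com", ".scr", ".vbs"}


def check_upload_path(root, requested_name):
    """Validate a client-supplied file name for writing under root.

    Returns (absolute_path, "ok") when the name is acceptable, otherwise
    (None, reason). The reason is intended for the handler's audit log.
    """
    if not requested_name or "\x00" in requested_name:
        return None, "empty name or embedded null byte"

    # Treat backslash as a separator even on a POSIX host: the product is a
    # Windows application and a client can send either form.
    name = requested_name.replace("\\", "/")

    # Absolute paths, drive letters (C:...) and UNC paths (//server/share) are rejected outright.
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return None, "absolute path or drive letter"

    # Split into components and refuse any traversal component rather than
    # trying to strip it; stripping is what attackers learn to bypass.
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts:
        return None, "no file name component"
    if any(p == ".." for p in parts):
        return None, "path traversal component"

    ext = os.path.splitext(parts[-1])[1].lower()
    if ext in EXECUTABLE_SUFFIXES:
        return None, "executable file type"
    if ext not in ALLOWED_SUFFIXES:
        return None, "file type not on allow-list"

    # Final containment check after normalisation: the resolved target must
    # still sit inside root. This is the guard that survives encoding tricks
    # the component checks above did not anticipate.
    base = os.path.abspath(root)
    candidate = os.path.normpath(os.path.join(base, *parts))
    if os.path.commonpath([base, candidate]) != base:
        return None, "resolved outside upload root"

    return candidate, "ok"


if __name__ == "__main__":
    # Constructed sample inputs, including the traversal forms the advisory
    # class of bug is about; none of these are taken from the advisory itself.
    samples = [
        "reports/summary.txt",
        "./settings.cfg",
        "../../Windows/System32/payload.exe",
        "..\\..\\notes.txt",
        "C:\\temp\\notes.txt",
        "installer.msi",
        "upload\x00.txt",
    ]
    for s in samples:
        path, reason = check_upload_path(UPLOAD_ROOT, s)
        print(f"{s!r:45} -> {path} ({reason})")
```

Logging the reason string for every rejection gives the "monitor for unauthorized executable installations" action a concrete signal: a burst of "executable file type" or "path traversal component" rejections from a single authenticated account is worth an alert on its own, before any file is written.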
Evidence notes
Vulnerability disclosed via CISA ICS advisory ICSA-24-256-25 on September 12, 2024. CVSS 3.1 score of 6.8 (MEDIUM) with vector AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H indicates network attack vector requiring high privileges but resulting in complete confidentiality, integrity, and availability impact. Affected versions confirmed as ThinManager >=V13.1.0|<13.1.2 and >=V13.2.0|<13.2.1. Vendor fixes released in versions 13.1.3 and 13.2.2.
Official resources
- CVE-2024-45826 CVE record (CVE.org)
- CVE-2024-45826 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-09-12