PatchSiren cyber security CVE debrief
CVE-2024-5990 Rockwell Automation CVE debrief
A vulnerability in Rockwell Automation ThinManager ThinServer allows unauthenticated remote attackers to cause denial-of-service conditions by sending malicious messages to a monitor thread. The flaw stems from improper input validation and affects multiple versions of ThinServer from 11.1.0 through 13.1.0. Rockwell Automation has released corrected versions for all affected branches.
- Vendor: Rockwell Automation
- Product: ThinManager ThinServer
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-07-11
- Original CVE updated: 2024-07-11
- Advisory published: 2024-07-11
- Advisory updated: 2024-07-11
Who should care
Organizations operating Rockwell Automation ThinManager ThinServer in industrial environments, particularly those with remote thin client deployments or exposed ThinServer instances. Critical infrastructure operators, manufacturing facilities, and any OT environments where ThinManager availability is essential for operational continuity.
Technical summary
CVE-2024-5990 is an improper input validation vulnerability in Rockwell Automation ThinManager ThinServer. An unauthenticated attacker can send a crafted message to a monitor thread listening on TCP port 2031, causing a denial-of-service condition on the affected device. The vulnerability is network-exploitable with low attack complexity and requires no privileges or user interaction. CVSS 3.1 score: 7.5 (HIGH). Affected versions include 11.1.0, 11.2.0, 12.0.0, 12.1.0, 13.0.0, and 13.1.0. Rockwell Automation has released patched versions for all affected branches.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade ThinManager ThinServer to corrected versions: 11.1.8, 11.2.9, 12.0.7, 12.1.8, 13.0.5, 13.1.3, or 13.2.2 via the ThinManager Downloads Site
- Restrict network access to TCP port 2031 to only known thin clients and ThinManager servers
- Apply Rockwell Automation's security best practices for industrial control systems
- Monitor ThinServer availability and implement redundancy where critical operations depend on ThinManager infrastructure
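The first two actions above amount to an inventory question: which ThinServer hosts are below the corrected version for their release branch, and which of those also have TCP port 2031 reachable from outside the thin-client segment. The following is an added example, not code from PatchSiren, Rockwell Automation or CISA. It uses the corrected versions named in this debrief; the rule that any version below the corrected one on its branch is flagged for upgrade is an assumption made here (the advisory itself lists the x.y.0 releases as affected), chosen so the check errs toward flagging a host. The inventory is constructed sample data.

```python
"""Inventory check for CVE-2024-5990 in ThinManager ThinServer (added example)."""
from dataclasses import dataclass
from typing import Optional

# Corrected versions per release branch, as listed in the advisory.
CORRECTED_BY_BRANCH = {
    (11, 1): (11, 1, 8),
    (11, 2): (11, 2, 9),
    (12, 0): (12, 0, 7),
    (12, 1): (12, 1, 8),
    (13, 0): (13, 0, 5),
    (13, 1): (13, 1, 3),
    (13, 2): (13, 2, 2),
}

THINSERVER_PORT = 2031  # monitor thread port named in the advisory


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch' into a comparable tuple; raises on junk."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised ThinServer version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


@dataclass
class Finding:
    host: str
    installed: str
    status: str            # "patched", "needs_upgrade" or "unknown_branch"
    target: Optional[str]  # corrected version to move to, if the branch is known
    exposed: bool          # TCP 2031 reachable from outside the thin-client segment


def assess(host: str, installed: str, port_exposed: bool) -> Finding:
    """Classify one host against the corrected version for its branch.

    Assumption (not stated by the advisory): any version below the corrected
    one on a covered branch is treated as needing the upgrade.
    """
    version = parse_version(installed)
    branch = version[:2]
    corrected = CORRECTED_BY_BRANCH.get(branch)
    if corrected is None:
        # Branch not covered by the advisory; the check cannot decide.
        return Finding(host, installed, "unknown_branch", None, port_exposed)
    target = ".".join(str(n) for n in corrected)
    status = "patched" if version >= corrected else "needs_upgrade"
    return Finding(host, installed, status, target, port_exposed)


def triage(inventory: list[tuple[str, str, bool]]) -> list[Finding]:
    """Assess every host; unpatched and exposed hosts are sorted first."""
    findings = [assess(h, v, exposed) for h, v, exposed in inventory]
    rank = {"needs_upgrade": 0, "unknown_branch": 1, "patched": 2}
    findings.sort(key=lambda f: (rank[f.status], not f.exposed, f.host))
    return findings


# Constructed sample inventory (hostnames and exposure flags are made up).
SAMPLE_INVENTORY = [
    ("thinsrv-plant-a", "13.1.0", True),
    ("thinsrv-plant-b", "13.1.3", False),
    ("thinsrv-lab", "12.0.6", False),
    ("thinsrv-legacy", "10.0.2", True),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        flag = f"EXPOSED on TCP {THINSERVER_PORT}" if f.exposed else "segmented"
        print(f"{f.host:16} {f.installed:8} {f.status:14} -> {f.target or 'n/a':8} {flag}")
```

The exposure flag would normally come from a firewall policy export or a scan of the thin-client VLAN boundary; feeding it in alongside the version keeps the upgrade queue ordered by actual reachability of port 2031 rather than by version alone.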
Evidence notes
CISA published advisory ICSA-24-193-18 on 2024-07-11 identifying this vulnerability. The advisory confirms unauthenticated network access to TCP port 2031 is sufficient to trigger the denial-of-service condition. Rockwell Automation has provided corrected software versions across all affected release branches.
Official resources
- CVE-2024-5990 CVE record (CVE.org)
- CVE-2024-5990 NVD detail (NVD)
- Source item URL: cisa_csaf
2024-07-11