admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/5xxx/CVE-2024-5988.json

107 lines
8.4 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2024-06-13 21:00:34 +00:00
{
"-Synchronized-Data."
2024-06-25 16:00:33 +00:00
"data_version": "4.0",
"-Synchronized-Data."
2024-06-13 21:00:34 +00:00
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-5988",
"-Synchronized-Data."
2024-06-25 16:00:33 +00:00
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
"-Synchronized-Data."
2024-06-13 21:00:34 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2024-06-25 16:00:33 +00:00
"value": "Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation\u00a0ThinManager\u00ae ThinServer\u2122."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "ThinManager\u00ae ThinServer\u2122",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "11.2.0"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "12.1.0"
},
{
"version_affected": "=",
"version_value": "13.0.0"
},
{
"version_affected": "=",
"version_value": "13.1.0"
},
{
"version_affected": "=",
"version_value": "13.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"-Synchronized-Data."
2024-06-25 17:00:36 +00:00
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html",
"-Synchronized-Data."
2024-06-25 16:00:33 +00:00
"refsource": "MISC",
"-Synchronized-Data."
2024-06-25 17:00:36 +00:00
"name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"
"-Synchronized-Data."
2024-06-13 21:00:34 +00:00
}
]
"-Synchronized-Data."
2024-06-25 16:00:33 +00:00
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"-Synchronized-Data."
2024-06-25 17:00:36 +00:00
"value": "<table><tbody><tr><td><p>Affected Product</p></td><td><p>CVE</p></td><td><p>First Known in software version</p></td><td><p>Corrected in software version (<b><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">Available Here</a></b>)</p></td></tr><tr><td rowspan=\"2\"><p><b>ThinManager\u00ae ThinServer\u2122</b></p></td><td><p>2024-5988</p><p>2024-5989</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>11.1.0</p><p>11.2.0</p><p>12.0.0</p><p>12.1.0</p><p>13.0.0</p><p>13.1.0</p><p>13.2.0</p></td><td><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.2.9</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.0.7</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.0.5</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.1.3</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.2.2</a></p></td></tr><tr><td><p>2024-5990</p></td><td><p>11.1.0</p><p>11.2.0</p><p>12.0.0</p><p>12.1.0</p><p>13.0.0</p><p>13.1.0</p></td><td><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.2.9</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.0.7</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.0.4</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.1.2</a></p></td></tr></tbody></table>\n\n<br>\n\n<p>Customers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.</p><p>\u00b7 Update to the corrected software versions via the <a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">ThinManager\u00ae Downloads Site</a></p><p>\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.</p><p>\u00b7 Security<a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">&nbsp;Best Practices</a></p><p><b>&nbsp;</b></p>\n\n<br>"
"-Synchronized-Data."
2024-06-25 16:00:33 +00:00
}
],
"value": "Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager\u00ae ThinServer\u2122\n\n2024-5988\n\n2024-5989\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n\u00b7 Update to the corrected software versions via the ThinManager\u00ae Downloads Site https://thinmanager.com/downloads/index.php \n\n\u00b7 Limit remote access for TCP Port 2031 to known thin clients and ThinManager\u00ae servers.\n\n\u00b7 Security \u00a0Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
]
"-Synchronized-Data."
2024-06-13 21:00:34 +00:00
}
Reference in New Issue Copy Permalink