admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/10xxx/CVE-2024-10387.json

144 lines
7.0 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2024-10-25 13:00:32 +00:00
{
"-Synchronized-Data."
2024-10-25 18:00:32 +00:00
"data_version": "4.0",
"-Synchronized-Data."
2024-10-25 13:00:32 +00:00
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-10387",
"-Synchronized-Data."
2024-10-25 18:00:32 +00:00
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
"-Synchronized-Data."
2024-10-25 13:00:32 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2024-10-25 18:00:32 +00:00
"value": "CVE-2024-10387 IMPACT\n\n\n\nA Denial-of-Service\nvulnerability exists in the affected product. The vulnerability could allow a\nthreat actor with network access to send crafted messages to the device,\npotentially resulting in Denial-of-Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "FactoryTalk ThinManager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.2.0-11.2.9"
},
{
"version_affected": "=",
"version_value": "12.0.0-12.0.7"
},
{
"version_affected": "=",
"version_value": "12.1.0-12.1.8"
},
{
"version_affected": "=",
"version_value": "13.0.0-13.0.5"
},
{
"version_affected": "=",
"version_value": "13.1.0-13.1.3"
},
{
"version_affected": "=",
"version_value": "13.2.0-13.2.2"
},
{
"version_affected": "=",
"version_value": "14.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html",
"refsource": "MISC",
"name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p><span style=\"background-color: var(--wht);\">If able,\nnavigate to the </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\">ThinManager\u00ae download site</a><span style=\"background-color: var(--wht);\"> and upgrade to a corrected version of ThinManager\u00ae</span></p><p>Implement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae</p>\n\n\n\n<p>For\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">security best\npractices</a> to\nminimize the risk of the vulnerability.</p>"
}
],
"value": "If able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\nImplement\nnetwork hardening for ThinManager\u00ae Device(s) by limiting communications to TCP\n2031 to only the devices that need connection to the ThinManager\u00ae\n\n\n\n\n\nFor\ninformation on how to mitigate Security Risks on industrial automation control\nsystems, we encourage customers to implement our suggested security best\npractices to\nminimize the risk of the vulnerability."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: var(--wht);\">If able,\nnavigate to the </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/\">ThinManager\u00ae download site</a><span style=\"background-color: var(--wht);\"> and upgrade to a corrected version of ThinManager\u00ae</span>\n\n<br><br><p>11.2.10<br>\n</p>\n\n<p>12.0.8<br>\n</p>\n\n<p>12.1.9<br>\n</p>\n\n<p>13.0.6 </p>\n\n\n\n<p>13.1.4 </p>\n\n\n\n<p>13.2.3 </p>\n\n\n\n<p>14.0.1</p>\n\n\n\n\n\n\n\n<br>"
}
],
"value": "If able,\nnavigate to the ThinManager\u00ae download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager\u00ae\n\n\n\n11.2.10\n\n\n\n\n\n12.0.8\n\n\n\n\n\n12.1.9\n\n\n\n\n\n13.0.6 \n\n\n\n\n\n13.1.4 \n\n\n\n\n\n13.2.3 \n\n\n\n\n\n14.0.1"
}
],
"credits": [
{
"lang": "en",
"value": "Tenable Network Security"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
"-Synchronized-Data."
2024-10-25 13:00:32 +00:00
}
]
}
}
Reference in New Issue Copy Permalink