ICSA-24-193-18
·
Published 2024-07-11
·
View on CISA ICS-CERT ↗
Rockwell Automation ThinManager ThinServer
CVSS 9.8
CRITICAL
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial-of-service condition.
CVEs (3)
Remediations
- Rockwell Automation has corrected the reported vulnerabilities in the following versions available at the ThinManager download site:11.1.8, 11.2.9 12.0.7, 12.1.8, 13.0.5, 13.1.3, 13.2.2
- Rockwell Automation recommends users of the affected software to apply the risk mitigations from the list below. Users are also recommended to implement Rockwell Automation's suggested security best practices to minimize the potential risk of vulnerability.
- Update to the corrected software versions via the ThinManager Downloads Site
- Limit remote access for TCP Port 2031 to known thin clients and ThinManager servers.
- Security Best Practices
Affected Vendors
Rockwell Automation
Affected Products (2)
Rockwell Automation
·
ThinManager ThinServer
11.1.0|11.2.0|12.0.0|12.1.0|13.0.0|13.1.0|13.2.0
Rockwell Automation
·
ThinManager ThinServer
11.1.0|11.2.0|12.0.0|12.1.0|13.0.0|13.1.0
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more