ICSA-24-242-01 · Published 2024-08-29
Rockwell Automation ThinManager ThinServer
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to read arbitrary files and execute arbitrary code with system privileges.
CVEs (3)
Remediations
- Rockwell Automation has created new software versions to address these issues. Users are encouraged to update their software to one of the following versions (or newer): 11.1.8, 11.2.9, 12.0.7, 12.1.8, 13.0.5, 13.1.3, 13.2.2
- Rockwell Automation encourages customers using the affected software to implement their suggested security best practices to minimize the risk of vulnerability.
- Security Best Practices
- For more information see the Rockwell Automation Security Advisory SD1692.
Affected Vendors
Rockwell Automation
Affected Products (7)
- Rockwell Automation · ThinManager ThinServer: >=11.1.0|<11.1.7
- Rockwell Automation · ThinManager ThinServer: >=11.2.0|<11.2.8
- Rockwell Automation · ThinManager ThinServer: >=12.0.0|<12.0.6
- Rockwell Automation · ThinManager ThinServer: >=12.1.0|<12.1.7
- Rockwell Automation · ThinManager ThinServer: >=13.0.0|<13.0.4
- Rockwell Automation · ThinManager ThinServer: >=13.1.0|<13.1.2
- Rockwell Automation · ThinManager ThinServer: >=13.2.0|<13.2.1
Affected Sectors
Critical Manufacturing