ICSA-24-305-01 · Published 2024-10-31
Rockwell Automation FactoryTalk ThinManager
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to send crafted messages to the device resulting in database manipulation or a denial-of-service condition.
CVEs (2)
Remediations
- Rockwell Automation has provided a fix for the affected versions on the FactoryTalk ThinManager download site.
- Rockwell Automation encourages users of the affected software to apply these risk mitigations if possible.
- Implement network hardening for ThinManager device(s) by restricting communication on TCP port 2031 to only the devices that need to connect to ThinManager.
- For information on how to mitigate security risks on industrial automation control systems, users are encouraged to implement Rockwell Automation's suggested security best practices to minimize the risk of the vulnerability.
- For more information, see Rockwell Automation's security bulletin.
Affected Vendors
Rockwell Automation
Affected Products (7)
- Rockwell Automation ThinManager >=11.2.0|<11.2.9
- Rockwell Automation ThinManager >=12.0.0|<12.0.7
- Rockwell Automation ThinManager >=12.1.0|<12.1.8
- Rockwell Automation ThinManager >=13.0.0|<13.0.5
- Rockwell Automation ThinManager >=13.1.0|<13.1.3
- Rockwell Automation ThinManager >=13.2.0|<13.2.2
- Rockwell Automation ThinManager 14.0.0
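The affected version ranges listed above can be checked against an asset inventory. The following is an added example, not part of the advisory or of any Rockwell Automation tooling; it assumes the `|` in each range joins two bounds that must both hold, and the host names and versions in `SAMPLE_INVENTORY` are constructed.

```python
import re

# Ranges copied from the Affected Products list of this advisory.
AFFECTED_RANGES = [
    ">=11.2.0|<11.2.9", ">=12.0.0|<12.0.7", ">=12.1.0|<12.1.8",
    ">=13.0.0|<13.0.5", ">=13.1.0|<13.1.3", ">=13.2.0|<13.2.2",
    "14.0.0",
]
OPS = {">=": lambda v, b: v >= b, "<": lambda v, b: v < b,
       "=": lambda v, b: v == b}
# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {"tm-primary": "13.1.2", "tm-backup": "13.1.3",
                    "tm-lab": "14.0.0", "tm-legacy": "11.2"}

def parse_version(text):
    """'13.1.2' -> (13, 1, 2); short forms like '11.2' are zero-padded."""
    if not re.fullmatch(r"[0-9]+(\.[0-9]+){0,2}", text.strip()):
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in text.strip().split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def in_range(version, range_expr):
    """True when version satisfies every clause (assumption: '|' means AND)."""
    v = parse_version(version)
    for clause in range_expr.split("|"):
        m = re.fullmatch(r"(>=|<|=)?([0-9.]+)", clause.strip())
        if m is None:
            raise ValueError(f"unrecognised range clause: {clause!r}")
        if not OPS[m.group(1) or "="](v, parse_version(m.group(2))):
            return False
    return True

def affected_range(version):
    """Return the advisory range that contains version, or None."""
    return next((r for r in AFFECTED_RANGES if in_range(version, r)), None)

def audit(inventory):
    """Map each affected host to the advisory range its version falls in."""
    hits = {}
    for host, version in inventory.items():
        matched = affected_range(version)
        if matched is not None:
            hits[host] = matched
    return hits

if __name__ == "__main__":
    for host, rng in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {SAMPLE_INVENTORY[host]} is in affected range {rng}")
```

Versions with more than three numeric parts raise `ValueError` rather than being guessed at, so unexpected inventory values surface for manual review.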
Affected Sectors
Critical Manufacturing