Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities | allinfosecnews.com

June 25, 2024, 11:48 a.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities

CVE-2024-5988 - Message Type 20 Unauthenticated Remote Code Execution (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

An unauthenticated remote attacker can send a specifically crafted synchronization message of type 20 to execute a Tcl command, which can invoke a local or remote executable under the security context of SYSTEM.

CVE-2024-5989 - Message Type 11 Unauthenticated Database Manipulation (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

An unauthenticated remote attacker can send a specifically crafted synchronization message of type 11 to issue SQL statements to the ThinManager database. …

attacker automation can code code execution command context cve cve-2024 cvss database local message remote code remote code execution rockwell rockwell automation security send synchronization system tcl thinmanager unauthenticated under vulnerabilities

More from www.tenable.com / Tenable Research Advisories

Fortra FileCatalyst Workflow Unauthenticated SQLi 4 days ago | www.tenable.com

build class fortra injection +11

Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities 4 days, 4 hours ago | www.tenable.com

attacker automation can code +22

NextChat Server-Side Request Forgery / Cross-Site Scripting 4 days, 8 hours ago | www.tenable.com

api attacks code cross-site +12

SSRF Security Feature Bypass in Azure AI and ML Studios 1 week, 5 days ago | www.tenable.com

azure azure ai bypass evan +5

Multiple Vulnerabilities in Adobe FrameMaker Publishing Server (FMPS) December 2022 release Update 2 3 weeks, 2 days ago | www.tenable.com

adobe adobe framemaker api api authentication +13

Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions 3 weeks, 4 days ago | www.tenable.com

cloud cloud functions cloud platform escalation +9

Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions 3 weeks, 4 days ago | www.tenable.com

cloud cloud functions cloud platform escalation +9

Microsoft Azure Firewall Bypass Vulnerability 3 weeks, 5 days ago | www.tenable.com

azure bypass bypass vulnerability firewall +4

Google Cloud Platform Remote Code Execution Vulnerability in GCP Composer 3 weeks, 5 days ago | www.tenable.com

arbitrary code attackers cloud cloud platform +19

Watch Officer and Operations Officer

@ Interclypse | Arlington, VA, US

View on infosec-jobs.com

Sales Development Representative

@ Devo | United States

View on infosec-jobs.com

Principal Software Engineer

@ Oracle | Seattle, WA, United States

View on infosec-jobs.com

Engineering Manager, Cloud - TDIR (Remote)

@ CrowdStrike | USA CA Remote

View on infosec-jobs.com

Linux System Administrator II

@ Peraton | Fort Meade, MD, United States

View on infosec-jobs.com

Linux System Administrator

@ Peraton | Fort Meade, MD, United States

View on infosec-jobs.com