CVE-2024-45826

MEDIUM

Rockwellautomation Thinmanager < 13.1.3 - Remote Code Execution

Title source: rule

Description

CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.

References (1)

[Vendor Advisory] https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1700.html

Scores

CVSS v3 6.8

EPSS 0.0334

EPSS Percentile 87.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-610

Status published

Products (1)

rockwellautomation/thinmanager 13.1.0 - 13.1.3

Published Sep 12, 2024

Tracked Since Feb 18, 2026