CVE-2024-45826

MEDIUM

Rockwell Automation ThinManager 13.1.0-13.1.2 - Path Traversal and Remote Code Execution via Crafted POST Request

Title source: llm

Description

CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.

References (1)

Core 1

Core References

Vendor Advisory

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1700.html

Scores

CVSS v3 6.8

EPSS 0.1092

EPSS Percentile 95.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-610

Status published

Products (1)

rockwellautomation/thinmanager 13.1.0 - 13.1.3

Published Sep 12, 2024

Tracked Since Feb 18, 2026