CVE-2024-7988

CRITICAL

Rockwell Automation ThinManager ThinServer - RCE

Title source: llm
STIX 2.1

Description

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten.

Scores

CVSS v3 9.8
EPSS 0.0148
EPSS Percentile 70.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-20
Status published
Products (1)
rockwellautomation/thinmanager_thinserver 11.1.0 - 11.1.8
Published Aug 26, 2024
Tracked Since Feb 18, 2026