CVE-2024-5989

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*

History

16 Sep 2024, 12:08

Type Values Removed Values Added
CPE cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:thinserver:*:*:*:*:*:*:*:*
First Time Rockwellautomation thinserver
Rockwellautomation thinmanager
Rockwellautomation
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
Summary
  • (es) Debido a una validación de entrada incorrecta, un actor de amenazas no autenticado puede enviar un mensaje malicioso para invocar una inyección SQL en el programa y provocar una condición de ejecución remota de código en el ThinManager® ThinServer™ de Rockwell Automation.
CWE NVD-CWE-noinfo
References () https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html - () https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html - Vendor Advisory

25 Jun 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-25 16:15

Updated : 2024-09-16 12:08


NVD link : CVE-2024-5989

Mitre link : CVE-2024-5989

CVE.ORG link : CVE-2024-5989


JSON object : View

Products Affected

rockwellautomation

  • thinserver
  • thinmanager
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation