Back

CVE-2024-7986

Aug. 23, 2024, 4:18 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Rockwell Automation ThinManager ThinServer

Source

PSIRT@rockwellautomation.com

Tags

CWE-732
PSIRT@rockwellautomation.com
2024-08-23
CVE-2024-7986

CVE-2024-7986 details

Published : Aug. 23, 2024, 12:15 p.m.
Last Modified : Aug. 23, 2024, 4:18 p.m.

Description

A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-732 Incorrect Permission Assignment for Critical Resource The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

URL Source
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1692.html PSIRT@rockwellautomation.com
This website uses the NVD API, but is not approved or certified by it.