SecuriTricks - CVE-2024-7986

Product(s) Impacted

Rockwell Automation ThinManager ThinServer

Description

A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.

Weaknesses

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

CWE ID: 732

Date

Published: Aug. 23, 2024, 12:15 p.m.

Last Modified: Aug. 23, 2024, 4:18 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

PSIRT@rockwellautomation.com

CVE-2024-7986

Tags

Product(s) Impacted

Description

Weaknesses

CWE-732

Incorrect Permission Assignment for Critical Resource

Date

Status : Awaiting Analysis

Source

References

CVE-2024-7986

Tags

Product(s) Impacted

Description

Weaknesses

CWE-732

Incorrect Permission Assignment for Critical Resource

Date

Status : Awaiting Analysis

Source

References

Share