Today > | 4 High | 23 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-7986

Aug. 23, 2024, 4:18 p.m.

Product(s) Impacted

Rockwell Automation ThinManager ThinServer

Description

A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.

Weaknesses

CWE-732
Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

CWE ID: 732

Date

Published: Aug. 23, 2024, 12:15 p.m.

Last Modified: Aug. 23, 2024, 4:18 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

PSIRT@rockwellautomation.com

References

https://www.rockwellautomation.com/ PSIRT@rockwellautomation.com