Products
Rockwell Automation ThinManager ThinServer
Source
PSIRT@rockwellautomation.com
Tags
CVE-2024-7986 details
Published : Aug. 23, 2024, 12:15 p.m.
Last Modified : Aug. 23, 2024, 4:18 p.m.
Last Modified : Aug. 23, 2024, 4:18 p.m.
Description
A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-732 | Incorrect Permission Assignment for Critical Resource | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
References
URL | Source |
---|---|
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1692.html | PSIRT@rockwellautomation.com |
This website uses the NVD API, but is not approved or certified by it.