CVE-2024-10387
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
CVE-2024-10387 IMPACT
A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rockwell Automation | FactoryTalk ThinManager | 11.2.0-11.2.9 | affected |
| Rockwell Automation | FactoryTalk ThinManager | 12.0.0-12.0.7 | affected |
| Rockwell Automation | FactoryTalk ThinManager | 12.1.0-12.1.8 | affected |
| Rockwell Automation | FactoryTalk ThinManager | 13.0.0-13.0.5 | affected |
| Rockwell Automation | FactoryTalk ThinManager | 13.1.0-13.1.3 | affected |
| Rockwell Automation | FactoryTalk ThinManager | 13.2.0-13.2.2 | affected |
| Rockwell Automation | FactoryTalk ThinManager | 14.0.0 | affected |
Weaknesses
- CWE-125: CWE-125 Out-of-bounds Read
Workarounds
If able, navigate to the ThinManager® download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager®
Implement network hardening for ThinManager® Device(s) by limiting communications to TCP 2031 to only the devices that need connection to the ThinManager®
For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.