ID

VAR-202410-3402


CVE

CVE-2024-10386


TITLE

Vulnerability in Rockwell Automation ThinManager

Trust: 0.8

sources: JVNDB: JVNDB-2024-011988

DESCRIPTION

CVE-2024-10386 IMPACT: An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation. An unspecified vulnerability exists in Rockwell Automation ThinManager. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Rockwell Automation ThinManager is thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time.

Trust: 2.16

sources: NVD: CVE-2024-10386 // JVNDB: JVNDB-2024-011988 // CNVD: CNVD-2024-46725

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-46725

AFFECTED PRODUCTS

vendor: rockwellautomation // model: thinmanager // scope: lt // version: 13.2.3

Trust: 1.0

vendor: rockwellautomation // model: thinmanager // scope: gte // version: 13.2.0

Trust: 1.0

vendor: rockwellautomation // model: thinmanager // scope: lt // version: 12.0.8

Trust: 1.0

vendor: rockwellautomation // model: thinmanager // scope: eq // version: 14.0.0

Trust: 1.0

vendor: rockwellautomation // model: thinmanager // scope: gte // version: 12.0.0

Trust: 1.0

vendor: rockwellautomation // model: thinmanager // scope: gte // version: 11.2.0

Trust: 1.0

vendor: rockwellautomation // model: thinmanager // scope: gte // version: 13.1.0

Trust: 1.0

vendor: rockwellautomation // model: thinmanager // scope: lt // version: 11.2.10

Trust: 1.0

vendor: rockwellautomation // model: thinmanager // scope: lt // version: 13.0.6

Trust: 1.0

vendor: rockwellautomation // model: thinmanager // scope: lt // version: 13.1.4

Trust: 1.0

vendor: rockwellautomation // model: thinmanager // scope: lt // version: 12.1.9

Trust: 1.0

vendor: rockwellautomation // model: thinmanager // scope: gte // version: 13.0.0

Trust: 1.0

vendor: rockwellautomation // model: thinmanager // scope: gte // version: 12.1.0

Trust: 1.0

vendor: rockwell automation // model: thinmanager // scope: eq // version: 13.2.0 or later, before 13.2.3

Trust: 0.8

vendor: rockwell automation // model: thinmanager // scope: eq // version: 13.1.0 or later, before 13.1.4

Trust: 0.8

vendor: rockwell automation // model: thinmanager // scope: eq // version: 11.2.0 or later, before 11.2.10

Trust: 0.8

vendor: rockwell automation // model: thinmanager // scope: eq // version: 14.0.0

Trust: 0.8

vendor: rockwell automation // model: thinmanager // scope: eq // version: 12.0.0 or later, before 12.0.8

Trust: 0.8

vendor: rockwell automation // model: thinmanager // scope: eq // version: -

Trust: 0.8

vendor: rockwell automation // model: thinmanager // scope: - // version: -

Trust: 0.8

vendor: rockwell automation // model: thinmanager // scope: eq // version: 13.0.0 or later, before 13.0.6

Trust: 0.8

vendor: rockwell automation // model: thinmanager // scope: eq // version: 12.1.0 or later, before 12.1.9

Trust: 0.8

vendor: rockwell // model: automation rockwell automation thinmanager // scope: gte // version: 11.2.0,<=11.2.9

Trust: 0.6

vendor: rockwell // model: automation rockwell automation thinmanager // scope: gte // version: 12.0.0,<=12.0.7

Trust: 0.6

vendor: rockwell // model: automation rockwell automation thinmanager // scope: gte // version: 12.1.0,<=12.1.8

Trust: 0.6

vendor: rockwell // model: automation rockwell automation thinmanager // scope: gte // version: 13.0.0,<=13.0.5

Trust: 0.6

vendor: rockwell // model: automation rockwell automation thinmanager // scope: gte // version: 13.1.0,<=13.1.3

Trust: 0.6

vendor: rockwell // model: automation rockwell automation thinmanager // scope: gte // version: 13.2.0,<=13.2.2

Trust: 0.6

vendor: rockwell // model: automation rockwell automation thinmanager // scope: eq // version: 14.0.0

Trust: 0.6

sources: CNVD: CNVD-2024-46725 // JVNDB: JVNDB-2024-011988 // NVD: CVE-2024-10386

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-10386
value: CRITICAL

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2024-10386
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-10386
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-46725
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-46725
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-10386
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-10386
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-46725 // JVNDB: JVNDB-2024-011988 // NVD: CVE-2024-10386 // NVD: CVE-2024-10386

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-306

Trust: 1.0

problemtype: Missing Authentication for Critical Function (CWE-306) [Other]

Trust: 0.8

problemtype: Insufficient Information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-011988 // NVD: CVE-2024-10386

PATCH

title: Patch for Rockwell Automation ThinManager Authentication Error Vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/634596

Trust: 0.6

sources: CNVD: CNVD-2024-46725

EXTERNAL IDS

db: NVD // id: CVE-2024-10386

Trust: 3.2

db: JVN // id: JVNVU97090361

Trust: 0.8

db: ICS CERT // id: ICSA-24-305-01

Trust: 0.8

db: JVNDB // id: JVNDB-2024-011988

Trust: 0.8

db: CNVD // id: CNVD-2024-46725

Trust: 0.6

sources: CNVD: CNVD-2024-46725 // JVNDB: JVNDB-2024-011988 // NVD: CVE-2024-10386

REFERENCES

url:https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1708.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu97090361/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-10386

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-305-01

Trust: 0.8

sources: CNVD: CNVD-2024-46725 // JVNDB: JVNDB-2024-011988 // NVD: CVE-2024-10386

SOURCES

db: CNVD // id: CNVD-2024-46725
db: JVNDB // id: JVNDB-2024-011988
db: NVD // id: CVE-2024-10386

LAST UPDATE DATE

2024-12-21T19:23:34.666000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2024-46725 // date: 2024-12-02T00:00:00
db: JVNDB // id: JVNDB-2024-011988 // date: 2024-11-06T01:18:00
db: NVD // id: CVE-2024-10386 // date: 2024-11-05T20:07:59.487

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2024-46725 // date: 2024-12-02T00:00:00
db: JVNDB // id: JVNDB-2024-011988 // date: 2024-11-06T00:00:00
db: NVD // id: CVE-2024-10386 // date: 2024-10-25T17:15:03.987