Rockwell Automation Product Security Update Advisory

Overview

 

An update has been released to address vulnerabilities in Rockwell Automation Products. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-7988, CVE 2024-7987

• ThinManager® ThinServer™ versions: 11.1.0 (inclusive) ~ 11.1.7 (inclusive)
• ThinManager® ThinServer™ versions: 11.2.0 (inclusive) ~ 11.2.8 (inclusive)
• ThinManager® ThinServer™ versions: 12.0.0 (inclusive) ~ 12.0.6 (inclusive)
• ThinManager® ThinServer™ versions: 12.1.0 (inclusive) ~ 12.1.7 (inclusive)
• ThinManager® ThinServer™ versions: 13.0.0 (inclusive) ~ 13.0.4 (inclusive)
• ThinManager® ThinServer™ versions: 13.1.0 (inclusive) ~ 13.1.2 (inclusive)
• ThinManager® ThinServer™ versions: 13.2.0 (inclusive) ~ 13.2.1 (inclusive)

 

Resolved Vulnerabilities

 

Remote code execution vulnerabilities in Rockwell Automation ThinManager® ThinServer™ that allow threat actors to execute arbitrary code with system privileges (CVE-2024-7988, CVE 2024-7987)

 

Vulnerability Patches

The following product-specific Vulnerability Patches are available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-7988, CVE 2024-7987

• ThinManager® ThinServer™ version: 11.1.8
• ThinManager® ThinServer™ version: 11.2.9
• ThinManager® ThinServer™ version: 12.0.7
• ThinManager® ThinServer™ version: 12.1.8
• ThinManager® ThinServer™ version: 13.0.5
• ThinManager® ThinServer™ version: 13.1.3
• ThinManager® ThinServer™ version: 13.2.2

 

References

[1] CVE-2024-7988 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-7988

[2] CVE 2024-7987 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-7987

[3] SD1692 | ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1692.html