SB2024082329 - Multiple vulnerabilities in Rockwell Automation ThinManager and ThinServer
Published: August 23, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Arbitrary file upload (CVE-ID: CVE-2024-7988)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to insufficient validation of files during upload within the ThinServer service. A remote attacker can upload a malicious file and execute it on the server.
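The root cause named above is missing validation of uploaded files. The following is an added illustration of the defensive checks such a code path needs; it is not ThinServer's code and says nothing about how ThinServer actually stores uploads. The allow-listed types, size limit, magic bytes and storage layout are assumptions chosen for the example.

```python
# Added example: defensive validation for a file-upload handler.
# Not ThinServer's implementation; allow-list, size bound and storage layout
# are assumptions for illustration only.
import os
import secrets
import tempfile

# Assumed allow-list: extension -> accepted leading magic bytes.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF-",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed upper bound


class UploadRejected(ValueError):
    """Raised when an upload fails any validation step."""


def validate_upload(filename: str, data: bytes) -> str:
    """Return the allow-listed extension if the upload is acceptable, else raise."""
    # 1. The client must not influence where the file lands: reject any path
    #    component, traversal token or NUL byte in the supplied name.
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base in ("", ".", "..") or "\x00" in base:
        raise UploadRejected("unsafe file name")
    # 2. Extension allow-list; deny-lists of "dangerous" extensions are what
    #    renamed executables slip past.
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} not permitted")
    # 3. Bound the size before doing anything else with the bytes.
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # 4. Content must match the claimed type; an executable renamed to .png
    #    fails here because its header is not a PNG signature.
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    return ext


def is_accepted(filename: str, data: bytes) -> bool:
    """Boolean wrapper around validate_upload for quick checks."""
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False


def store_upload(filename: str, data: bytes, upload_dir: str) -> str:
    """Validate, then write under a server-chosen random name."""
    ext = validate_upload(filename, data)
    dest = os.path.join(upload_dir, secrets.token_hex(16) + ext)
    # O_EXCL refuses to overwrite an existing file; 0o600 keeps it private and
    # non-executable on POSIX (on Windows, apply an equivalent ACL to upload_dir).
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


if __name__ == "__main__":
    # Constructed sample inputs: a genuine PDF header and a renamed PE executable.
    good = b"%PDF-1.7\n%constructed sample\n"
    bad = b"MZ\x90\x00" + b"\x00" * 60
    tmp = tempfile.mkdtemp()
    print("stored:", store_upload("report.pdf", good, tmp))
    print("renamed executable accepted?", is_accepted("payload.png", bad))
    print("traversal name accepted?", is_accepted("../../report.pdf", good))
```

The order matters: the name is checked before the extension so a traversal name never reaches the allow-list logic, and the server, not the client, chooses the final file name, which removes the upload path itself as a way to place a file where it would later be executed.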
2) Improper privilege management (CVE-ID: CVE-2024-7986)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper privilege management within the ThinServer service. A local user can gain unauthorized access to sensitive information on the system.
3) Incorrect permission assignment for critical resource (CVE-ID: CVE-2024-7987)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the lack of proper access controls on resources used by the ThinServer service, which allows security restrictions to be bypassed and privileges to be escalated.
Remediation
Install the update from the vendor's website.