Auth Bypass Enables Remote Database Manipulation in IoT Device
CVE-2024-10386 Published on October 25, 2024
Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability
CVE-2024-10386 IMPACT
An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation.
Vulnerability Analysis
CVE-2024-10386 is exploitable with network access and requires neither privileges nor user interaction. The attack complexity is considered low. The potential impact of a successful exploit is rated critical, as the vulnerability has a high impact on the confidentiality, integrity and availability of this component.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2024-10386
Affected Versions
Rockwell Automation FactoryTalk ThinManager:
- Version 11.2.0-11.2.9 is affected.
- Version 12.0.0-12.0.7 is affected.
- Version 12.1.0-12.1.8 is affected.
- Version 13.0.0-13.0.5 is affected.
- Version 13.1.0-13.1.3 is affected.
- Version 13.2.0-13.2.2 is affected.
- Version 14.0.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows how this score compares with the scores of all other vulnerabilities.