Main Vulnerability Database Vulnerabilities #VU96478

Incorrect permission assignment for critical resource in ThinManager and ThinServer - CVE-2024-7987

Published: August 23, 2024

Vulnerability identifier: #VU96478

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-7987

CWE-ID: CWE-732

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
ThinManager
ThinServer

Software vendor:
Rockwell Automation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the lack of proper access controls set on resources used by the the ThinServer service, which leads to security restrictions bypass and privilege escalation.

Remediation

Install update from vendor's website.

External links

https://www.rockwellautomation.com/en-ca/trust-center/security-advisories/advisory.SD1692.html
https://www.zerodayinitiative.com/advisories/ZDI-24-1157/

Incorrect permission assignment for critical resource in ThinManager and ThinServer - CVE-2024-7987

Description

Remediation

External links

Please verify you're human