Rockwell Automation has recently disclosed multiple critical vulnerabilities in its FactoryTalk ThinManager software, a key component used in industrial control systems.
These vulnerabilities, identified by cybersecurity researchers at Tenable Network Security, pose significant risks to industrial environments by potentially allowing attackers to manipulate databases or trigger denial-of-service (DoS) conditions.
The vulnerabilities, tracked as CVE-2024-10386 and CVE-2024-10387, affect several versions of ThinManager, specifically versions 11.2.0 through 14.0.0.
The company has released patches for these vulnerabilities and urges users to update their systems promptly to mitigate the risks.
Rockwell Automation ThinManager Vulnerability
1. CVE-2024-10386: This vulnerability is categorized as “Missing Authentication for Critical Function” (CWE-306).
It allows attackers with network access to send specially crafted messages to ThinManager devices, potentially leading to unauthorized database manipulation.
This flaw has been assigned a CVSS v3.1 base score of 9.8, indicating its critical nature.
2. CVE-2024-10387: This issue involves an “Out-of-Bounds Read” (CWE-125), which can result in a denial-of-service condition if exploited.
Attackers can disrupt the operations of ThinManager by sending crafted messages over the network. This vulnerability has a CVSS v3.1 base score of 7.5 and a CVSS v4 score of 8.7, highlighting its severity.
These vulnerabilities are particularly concerning for sectors relying on industrial automation, as they could lead to significant operational disruptions if exploited.
Rockwell Automation has provided several recommendations to mitigate these vulnerabilities:
Software Updates: Users are advised to upgrade to the latest corrected versions of ThinManager, which are available on the official download site.
Network Hardening: It is recommended to restrict communications on TCP port 2031 to only those devices that require a connection to ThinManager, thereby reducing exposure to potential attacks.
Security Best Practices: Implementing comprehensive security measures and following Rockwell Automation’s guidelines can help minimize risks associated with these vulnerabilities.
Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert urging organizations to prioritize these updates and implement robust network security measures, such as isolating control systems behind firewalls and using secure remote access methods like VPNs.
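One way to confirm that the TCP port 2031 restriction is actually in force is to audit firewall or flow logs for connections to the ThinManager server from sources outside the approved set. The Python below is an added example, not code from Rockwell Automation or the advisory; the server address, allowed subnets, CSV log layout and sample records are all constructed assumptions.

```python
import csv
import io
import ipaddress

THINMANAGER_PORT = 2031  # TCP port named in the advisory

# Assumed for illustration: the ThinManager server address and the
# sources (terminal subnet, redundant server) that legitimately need it.
SERVERS = {ipaddress.ip_address("10.20.0.5")}
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.20.1.0/24"),
    ipaddress.ip_network("10.20.0.6/32"),
]

# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = """\
ts,src,dst,proto,dport,action
2024-11-01T08:00:01Z,10.20.1.17,10.20.0.5,tcp,2031,allow
2024-11-01T08:00:04Z,10.30.4.9,10.20.0.5,tcp,2031,allow
2024-11-01T08:00:09Z,10.20.1.22,10.20.0.5,tcp,443,allow
2024-11-01T08:01:13Z,192.0.2.44,10.20.0.5,tcp,2031,deny
2024-11-01T08:02:30Z,10.20.0.6,10.20.0.5,tcp,2031,allow
2024-11-01T08:03:02Z,10.30.4.9,10.20.0.5,udp,2031,allow
2024-11-01T08:03:40Z,not-an-ip,10.20.0.5,tcp,2031,allow
"""

def audit_flows(text):
    """Return (violations, blocked, malformed) for TCP/2031 flows to SERVERS."""
    violations, blocked, malformed = [], [], []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
            proto = row["proto"].lower()
        except (ValueError, KeyError, TypeError, AttributeError):
            malformed.append(row)  # keep unparsable records for manual review
            continue
        if proto != "tcp" or dport != THINMANAGER_PORT:
            continue
        if dst not in SERVERS or any(src in net for net in ALLOWED_SOURCES):
            continue
        # Permitted flow from an unapproved source = gap in the restriction;
        # denied flow = rule working, but the source is worth investigating.
        (violations if row["action"] == "allow" else blocked).append(row)
    return violations, blocked, malformed

if __name__ == "__main__":
    v, b, m = audit_flows(SAMPLE_FLOWS)
    for r in v:
        print(f"VIOLATION {r['ts']} {r['src']} -> {r['dst']}:{r['dport']}")
    print(f"{len(v)} violations, {len(b)} blocked attempts, {len(m)} malformed")
```

Any record in the first list means a host outside the approved set reached port 2031, so the firewall or ACL rule needs tightening before the restriction can be relied on.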
The successful exploitation of these vulnerabilities could have far-reaching consequences for industrial control systems, which are critical for managing manufacturing processes and infrastructure operations.
Attackers could potentially gain unauthorized access or disrupt services, leading to operational downtime and financial losses.
Rockwell Automation emphasizes the importance of addressing these vulnerabilities promptly and encourages organizations to report any suspicious activities related to these flaws for further investigation.
While Rockwell Automation has taken steps to address these vulnerabilities through patches and recommendations, it is crucial for organizations using ThinManager to act swiftly in implementing these updates and security measures to safeguard their industrial environments from potential cyber threats.