cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7988,https://securityvulnerability.io/vulnerability/CVE-2024-7988,Arbitrary Code Execution Vulnerability in ThinManager® ThinServer™ Due to Lack of Data Input Validation,"A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten.",Rockwell Automation,Thinmanager® Thinserver™,,,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-08-26T14:47:07.612Z,0
CVE-2024-7987,https://securityvulnerability.io/vulnerability/CVE-2024-7987,Remote Code Execution Vulnerability in Rockwell Automation ThinManager® ThinServer™,"A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability, a threat actor must abuse the ThinServer™ service by creating a junction and using it to upload arbitrary files.",Rockwell Automation,Thinmanager® Thinserver™,,,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-08-26T14:40:29.255Z,0
CVE-2024-7986,https://securityvulnerability.io/vulnerability/CVE-2024-7986,ThinManager® ThinServer Vulnerability Allows Sensitive Information Disclosure,A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory.,Rockwell Automation,Thinmanager® Thinserver™,,,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-08-23T11:51:55.080Z,0
CVE-2024-5990,https://securityvulnerability.io/vulnerability/CVE-2024-5990,Rockwell Automation ThinServer™ Vulnerability: Unauthenticated Denial-of-Service Attack,"An improper input validation vulnerability in Rockwell Automation's ThinServer™ permits unauthenticated threat actors to send crafted messages to a monitor thread. This exploitation can result in a denial-of-service condition, rendering the affected device inoperable. Users of ThinServer™ are advised to review the security advisory for mitigation steps.",Rockwell Automation,Thinmanager® Thinserver™,7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-25T16:11:01.407Z,0
CVE-2024-5989,https://securityvulnerability.io/vulnerability/CVE-2024-5989,Rockwell Automation ThinManager® ThinServer™ Vulnerable to SQL Injection,"An improper input validation vulnerability allows unauthenticated attackers to send specially crafted messages to the Rockwell Automation ThinManager® ThinServer™. This vulnerability enables the execution of SQL injection attacks, potentially allowing the attacker to manipulate database queries and trigger remote code execution. The risk posed by this vulnerability emphasizes the need for robust input validation measures in the affected product to safeguard against unauthorized access and exploitation.",Rockwell Automation,Thinmanager® Thinserver™,9.8,CRITICAL,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-06-25T16:01:39.103Z,0
CVE-2024-5988,https://securityvulnerability.io/vulnerability/CVE-2024-5988,Remote Code Execution Vulnerability in Rockwell Automation ThinManager® ThinServer™,"The vulnerability in Rockwell Automation ThinManager ThinServer arises from improper input validation, enabling unauthenticated threat actors to send malicious messages. These messages can trigger the execution of local or remote executables, potentially leading to unauthorized access and further exploits within the system. Users of affected versions are strongly advised to apply necessary updates and review security practices to mitigate risks associated with this vulnerability.",Rockwell Automation,Thinmanager® Thinserver™,9.8,CRITICAL,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-06-25T15:53:33.899Z,0
CVE-2023-2917,https://securityvulnerability.io/vulnerability/CVE-2023-2917,Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability,"The Rockwell Automation ThinManager Thinserver has a vulnerability due to improper input validation, leading to a path traversal issue. When processing specific functions, the ThinManager can be manipulated through the filename field. This allows unauthenticated remote attackers to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. Through the exploitation of this vulnerability, a malicious actor could potentially send a crafted synchronization protocol message, which could lead to remote code execution.",Rockwell Automation,Thinmanager Thinserver,9.8,CRITICAL,0.001550000044517219,false,,false,false,false,,,false,false,,2023-08-17T16:15:00.000Z,0
CVE-2023-2915,https://securityvulnerability.io/vulnerability/CVE-2023-2915,Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability,"The Rockwell Automation Thinmanager Thinserver is prone to an improper input validation vulnerability that allows for path traversal attacks. This issue arises when the ThinManager software processes specific functions, enabling unauthorized remote actors to delete arbitrary files with system privileges. A malicious user may exploit this flaw by sending a specially crafted synchronization protocol message, which can lead to service disruptions and potential data loss.",Rockwell Automation,Thinmanager Thinserver,7.5,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2023-08-17T16:15:00.000Z,0
CVE-2023-2914,https://securityvulnerability.io/vulnerability/CVE-2023-2914,Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability,"The Rockwell Automation ThinManager Thinserver is susceptible to improper input validation due to an integer overflow vulnerability. When the ThinManager processes specific incoming messages, it may trigger a read access violation, resulting in an unexpected termination of the process. This allows a malicious actor to exploit the vulnerability by crafting a synchronization protocol message, potentially leading to a denial of service condition. Organizations using ThinManager should apply the latest updates to mitigate this risk.",Rockwell Automation,Thinmanager Thinserver,7.5,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2023-08-17T16:15:00.000Z,0
CVE-2023-2913,https://securityvulnerability.io/vulnerability/CVE-2023-2913,Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability,"An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server’s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.",Rockwell Automation,ThinManager ThinServer,6.5,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-07-18T20:15:00.000Z,0
CVE-2023-27857,https://securityvulnerability.io/vulnerability/CVE-2023-27857,Rockwell Automation ThinManager ThinServer Heap-Based Buffer Overflow,"In specific versions of Rockwell Automation's ThinManager ThinServer, a heap-based buffer over-read issue allows an unauthenticated remote attacker to exploit the vulnerability, leading to a potential denial of service through a crash of the ThinServer.exe due to a read access violation. This can result in service interruptions, impacting operational continuity.",Rockwell Automation,Thinmanager Thinserver,7.5,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-03-22T02:15:00.000Z,0
CVE-2023-27856,https://securityvulnerability.io/vulnerability/CVE-2023-27856,Rockwell Automation ThinManager ThinServer Path Traversal Download,"A path traversal vulnerability has been identified in Rockwell Automation's ThinManager ThinServer. This flaw occurs when processing a specific message type, allowing an unauthenticated remote attacker to exploit it. Successfully exploiting this vulnerability enables the attacker to download arbitrary files from the disk drive where ThinServer.exe is installed, potentially compromising sensitive information.",Rockwell Automation,ThinManager ThinServer,7.5,HIGH,0.0007900000200606883,false,,false,false,false,,,false,false,,2023-03-22T00:15:00.000Z,0
CVE-2023-27855,https://securityvulnerability.io/vulnerability/CVE-2023-27855,Rockwell Automation ThinManager ThinServer Path Traversal Upload,"In specific versions of Rockwell Automation's ThinManager ThinServer, a path traversal vulnerability has been identified. This flaw permits unauthorized remote attackers to exploit the system by uploading malicious files to any location on the disk drive where ThinServer.exe is situated. Such an exploit could allow attackers to overwrite legitimate executable files with harmful content, raising the prospect of remote code execution.",Rockwell Automation,ThinManager ThinServer,9.8,CRITICAL,0.0014600000577047467,false,,false,false,false,,,false,false,,2023-03-22T00:15:00.000Z,0
CVE-2022-38742,https://securityvulnerability.io/vulnerability/CVE-2022-38742,Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack,"Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.",Rockwell Automation,Thinmanager Thinserver,8.1,HIGH,0.0028800000436604023,false,,false,false,false,,,false,false,,2022-09-23T16:15:00.000Z,0