What is the severity of CVE-2024-10387?

CVE-2024-10387 has been classified as a Denial-of-Service vulnerability.

How do I fix CVE-2024-10387?

To mitigate CVE-2024-10387, update Rockwell Automation ThinManager to the latest patched version.

What products are affected by CVE-2024-10387?

CVE-2024-10387 affects multiple versions of Rockwell Automation ThinManager, specifically versions between 11.2.0 and 14.0.0.

Can CVE-2024-10387 be exploited remotely?

Yes, CVE-2024-10387 can be exploited by a threat actor with network access.

What impact does CVE-2024-10387 have on affected systems?

CVE-2024-10387 can lead to a Denial-of-Service condition on the affected devices.

Vulnerability/
CVE-2024-10387

high

8.7

CWE

125

25/10/2024

5/11/2024

CVE-2024-10387: Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability

First published: Fri Oct 25 2024(Updated: )

CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service.

Credit: PSIRT@rockwellautomation.com

Affected Software	Affected Version	How to fix
Rockwell Automation ThinManager ThinServer	>=11.2.0<11.2.10
Rockwell Automation ThinManager ThinServer	>=12.0.0<12.0.8
Rockwell Automation ThinManager ThinServer	>=12.1.0<12.1.9
Rockwell Automation ThinManager ThinServer	>=13.0.0<13.0.6
Rockwell Automation ThinManager ThinServer	>=13.1.0<=13.1.4
Rockwell Automation ThinManager ThinServer	>=13.2.0<=13.2.3
Rockwell Automation ThinManager ThinServer	=14.0.0

Remedy

If able, navigate to the ThinManager® download site https://thinmanager.com/downloads/ and upgrade to a corrected version of ThinManager® 11.2.10 12.0.8 12.1.9 13.0.6 13.1.4 13.2.3 14.0.1

Never miss a vulnerability like this again

Reference Links

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html

Frequently Asked Questions

What is the severity of CVE-2024-10387?
CVE-2024-10387 has been classified as a Denial-of-Service vulnerability.
How do I fix CVE-2024-10387?
To mitigate CVE-2024-10387, update Rockwell Automation ThinManager to the latest patched version.
What products are affected by CVE-2024-10387?
CVE-2024-10387 affects multiple versions of Rockwell Automation ThinManager, specifically versions between 11.2.0 and 14.0.0.
Can CVE-2024-10387 be exploited remotely?
Yes, CVE-2024-10387 can be exploited by a threat actor with network access.
What impact does CVE-2024-10387 have on affected systems?
CVE-2024-10387 can lead to a Denial-of-Service condition on the affected devices.

agent/title
agent/references
agent/weakness
agent/remedy
agent/type
agent/description
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/rockwellautomation
canonical/rockwell automation thinmanager thinserver
version/rockwell automation thinmanager thinserver/11.2.0
version/rockwell automation thinmanager thinserver/12.0.0
version/rockwell automation thinmanager thinserver/12.1.0
version/rockwell automation thinmanager thinserver/13.0.0
version/rockwell automation thinmanager thinserver/13.1.0
version/rockwell automation thinmanager thinserver/13.1.4
version/rockwell automation thinmanager thinserver/13.2.0
version/rockwell automation thinmanager thinserver/13.2.3
version/rockwell automation thinmanager thinserver/14.0.0