What is the severity of CVE-2024-45826?

CVE-2024-45826 is considered a high-severity vulnerability due to its potential for remote code execution.

How do I fix CVE-2024-45826?

To fix CVE-2024-45826, update your Rockwell Automation ThinManager software to the latest version that is not affected.

What types of attacks can CVE-2024-45826 enable?

CVE-2024-45826 can enable path traversal attacks and remote code execution through crafted POST requests.

Which versions of ThinManager are affected by CVE-2024-45826?

CVE-2024-45826 affects Rockwell Automation ThinManager versions 13.1.0 to 13.1.3 and 13.2.0 to 13.2.2.

What is path traversal in the context of CVE-2024-45826?

Path traversal in CVE-2024-45826 refers to the vulnerability that allows attackers to access files and directories outside the intended path.

Vulnerability/
CVE-2024-45826

high

8.8

CWE

610 20 22

12/9/2024

2/10/2024

CVE-2024-45826: ThinManager® Code Execution Vulnerability

First published: Thu Sep 12 2024(Updated: )

CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.

Credit: PSIRT@rockwellautomation.com

Affected Software	Affected Version	How to fix
Rockwell Automation ThinManager ThinServer	>=13.1.0<13.1.3
Rockwell Automation ThinManager ThinServer	>=13.2.0<13.2.2

Remedy

Upgrade to V13.1.3 or V13.2.2

Never miss a vulnerability like this again

Reference Links

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1700.html

Frequently Asked Questions

What is the severity of CVE-2024-45826?
CVE-2024-45826 is considered a high-severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2024-45826?
To fix CVE-2024-45826, update your Rockwell Automation ThinManager software to the latest version that is not affected.
What types of attacks can CVE-2024-45826 enable?
CVE-2024-45826 can enable path traversal attacks and remote code execution through crafted POST requests.
Which versions of ThinManager are affected by CVE-2024-45826?
CVE-2024-45826 affects Rockwell Automation ThinManager versions 13.1.0 to 13.1.3 and 13.2.0 to 13.2.2.
What is path traversal in the context of CVE-2024-45826?
Path traversal in CVE-2024-45826 refers to the vulnerability that allows attackers to access files and directories outside the intended path.

agent/remedy
agent/title
agent/references
agent/weakness
agent/type
agent/first-publish-date
agent/description
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/rockwellautomation
canonical/rockwell automation thinmanager thinserver
version/rockwell automation thinmanager thinserver/13.1.0
version/rockwell automation thinmanager thinserver/13.2.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.