CVE-2024-5989: Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability

Remedy

Affected Product CVE First Known in software version Corrected in software version ( Available Here https://thinmanager.com/downloads/index.php ) ThinManager® ThinServer™ 2024-5988 2024-5989           11.1.0 11.2.0 12.0.0 12.1.0 13.0.0 13.1.0 13.2.0 11.1.8 https://thinmanager.com/downloads/index.php 11.2.9 https://thinmanager.com/downloads/index.php 12.0.7 https://thinmanager.com/downloads/index.php 12.1.8 https://thinmanager.com/downloads/index.php 13.0.5 https://thinmanager.com/downloads/index.php 13.1.3 https://thinmanager.com/downloads/index.php 13.2.2 https://thinmanager.com/downloads/index.php 2024-5990 11.1.0 11.2.0 12.0.0 12.1.0 13.0.0 13.1.0 11.1.8 https://thinmanager.com/downloads/index.php 11.2.9 https://thinmanager.com/downloads/index.php 12.0.7 https://thinmanager.com/downloads/index.php 12.1.8 https://thinmanager.com/downloads/index.php 13.0.4 https://thinmanager.com/downloads/index.php 13.1.2 https://thinmanager.com/downloads/index.php Customers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability. · Update to the corrected software versions via the ThinManager® Downloads Site https://thinmanager.com/downloads/index.php · Limit remote access for TCP Port 2031 to known thin clients and ThinManager® servers. · Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight