{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-5989","assignerOrgId":"b73dd486-f505-4403-b634-40b078b177f0","state":"PUBLISHED","assignerShortName":"Rockwell","dateReserved":"2024-06-13T20:56:09.876Z","datePublished":"2024-06-25T16:01:39.103Z","dateUpdated":"2025-08-27T20:42:59.534Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"ThinManager® ThinServer™","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"11.0.0"},{"status":"affected","version":"11.2.0"},{"status":"affected","version":"12.0.0"},{"status":"affected","version":"12.1.0"},{"status":"affected","version":"13.0.0"},{"status":"affected","version":"13.1.0"},{"status":"affected","version":"13.2.0"}]}],"datePublic":"2024-06-25T13:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<span style=\"background-color: rgb(255, 255, 255);\">Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation&nbsp;ThinManager® ThinServer™.</span>"}],"value":"Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™."}],"impacts":[{"capecId":"CAPEC-153","descriptions":[{"lang":"en","value":"CAPEC-153 Input Data Manipulation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.3,"baseSeverity":"CRITICAL","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"b73dd486-f505-4403-b634-40b078b177f0","shortName":"Rockwell","dateUpdated":"2024-06-25T16:01:39.103Z"},"references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<table><tbody><tr><td><p>Affected Product</p></td><td><p>CVE</p></td><td><p>First Known in software version</p></td><td><p>Corrected in software version (<b><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">Available Here</a></b>)</p></td></tr><tr><td rowspan=\"2\"><p><b>ThinManager® ThinServer™</b></p></td><td><p>2024-5988</p><p>2024-5989</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>11.1.0</p><p>11.2.0</p><p>12.0.0</p><p>12.1.0</p><p>13.0.0</p><p>13.1.0</p><p>13.2.0</p></td><td><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.2.9</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.0.7</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.0.5</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.1.3</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.2.2</a></p></td></tr><tr><td><p>2024-5990</p></td><td><p>11.1.0</p><p>11.2.0</p><p>12.0.0</p><p>12.1.0</p><p>13.0.0</p><p>13.1.0</p></td><td><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">11.2.9</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.0.7</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">12.1.8</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.0.4</a></p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">13.1.2</a></p></td></tr></tbody></table><br>\n\n<p>Customers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.</p><p>· Update to the corrected software versions via the <a target=\"_blank\" rel=\"nofollow\" href=\"https://thinmanager.com/downloads/index.php\">ThinManager® Downloads Site</a></p><p>· Limit remote access for TCP Port 2031 to known thin clients and ThinManager® servers.</p><p>· <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></p>"}],"value":"Affected Product\n\nCVE\n\nFirst Known in software version\n\nCorrected in software version ( Available Here https://thinmanager.com/downloads/index.php )\n\nThinManager® ThinServer™\n\n2024-5988\n\n2024-5989\n\n \n\n \n\n \n\n \n\n \n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n13.2.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.5 https://thinmanager.com/downloads/index.php \n\n 13.1.3 https://thinmanager.com/downloads/index.php \n\n 13.2.2 https://thinmanager.com/downloads/index.php \n\n2024-5990\n\n11.1.0\n\n11.2.0\n\n12.0.0\n\n12.1.0\n\n13.0.0\n\n13.1.0\n\n 11.1.8 https://thinmanager.com/downloads/index.php \n\n 11.2.9 https://thinmanager.com/downloads/index.php \n\n 12.0.7 https://thinmanager.com/downloads/index.php \n\n 12.1.8 https://thinmanager.com/downloads/index.php \n\n 13.0.4 https://thinmanager.com/downloads/index.php \n\n 13.1.2 https://thinmanager.com/downloads/index.php \n\n\n\n\nCustomers using the affected software are encouraged to apply the risk mitigations from the list below, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the potential risk of vulnerability.\n\n· Update to the corrected software versions via the  ThinManager® Downloads Site https://thinmanager.com/downloads/index.php \n\n· Limit remote access for TCP Port 2031 to known thin clients and ThinManager® servers.\n\n·  Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"}],"source":{"discovery":"EXTERNAL"},"title":"Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-5989","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-06-25T17:42:47.931940Z"}}}],"affected":[{"cpes":["cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"],"vendor":"rockwellautomation","product":"thinmanager","versions":[{"status":"affected","version":"11.1.0","lessThan":"11.1.8","versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.9","versionType":"custom"},{"status":"affected","version":"12.0.0","lessThan":"12.0.7","versionType":"custom"},{"status":"affected","version":"12.1.0","lessThan":"12.1.8","versionType":"custom"},{"status":"affected","version":"13.0.0","lessThan":"13.0.4","versionType":"custom"},{"status":"affected","version":"13.1.0","lessThan":"13.1.2","versionType":"custom"},{"status":"affected","version":"13.2.0","lessThan":"13.2.2","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"],"vendor":"rockwellautomation","product":"thinmanager","versions":[{"status":"affected","version":"11.1.0","lessThan":"11.1.8","versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.9","versionType":"custom"},{"status":"affected","version":"12.0.0","lessThan":"12.0.7","versionType":"custom"},{"status":"affected","version":"12.1.0","lessThan":"12.1.8","versionType":"custom"},{"status":"affected","version":"13.0.0","lessThan":"13.0.4","versionType":"custom"},{"status":"affected","version":"13.1.0","lessThan":"13.1.2","versionType":"custom"},{"status":"affected","version":"13.2.0","lessThan":"13.2.2","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"],"vendor":"rockwellautomation","product":"thinmanager","versions":[{"status":"affected","version":"11.1.0","lessThan":"11.1.8","versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.9","versionType":"custom"},{"status":"affected","version":"12.0.0","lessThan":"12.0.7","versionType":"custom"},{"status":"affected","version":"12.1.0","lessThan":"12.1.8","versionType":"custom"},{"status":"affected","version":"13.0.0","lessThan":"13.0.4","versionType":"custom"},{"status":"affected","version":"13.1.0","lessThan":"13.1.2","versionType":"custom"},{"status":"affected","version":"13.2.0","lessThan":"13.2.2","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"],"vendor":"rockwellautomation","product":"thinmanager","versions":[{"status":"affected","version":"11.1.0","lessThan":"11.1.8","versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.9","versionType":"custom"},{"status":"affected","version":"12.0.0","lessThan":"12.0.7","versionType":"custom"},{"status":"affected","version":"12.1.0","lessThan":"12.1.8","versionType":"custom"},{"status":"affected","version":"13.0.0","lessThan":"13.0.4","versionType":"custom"},{"status":"affected","version":"13.1.0","lessThan":"13.1.2","versionType":"custom"},{"status":"affected","version":"13.2.0","lessThan":"13.2.2","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"],"vendor":"rockwellautomation","product":"thinmanager","versions":[{"status":"affected","version":"11.1.0","lessThan":"11.1.8","versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.9","versionType":"custom"},{"status":"affected","version":"12.0.0","lessThan":"12.0.7","versionType":"custom"},{"status":"affected","version":"12.1.0","lessThan":"12.1.8","versionType":"custom"},{"status":"affected","version":"13.0.0","lessThan":"13.0.4","versionType":"custom"},{"status":"affected","version":"13.1.0","lessThan":"13.1.2","versionType":"custom"},{"status":"affected","version":"13.2.0","lessThan":"13.2.2","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"],"vendor":"rockwellautomation","product":"thinmanager","versions":[{"status":"affected","version":"11.1.0","lessThan":"11.1.8","versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.9","versionType":"custom"},{"status":"affected","version":"12.0.0","lessThan":"12.0.7","versionType":"custom"},{"status":"affected","version":"12.1.0","lessThan":"12.1.8","versionType":"custom"},{"status":"affected","version":"13.0.0","lessThan":"13.0.4","versionType":"custom"},{"status":"affected","version":"13.1.0","lessThan":"13.1.2","versionType":"custom"},{"status":"affected","version":"13.2.0","lessThan":"13.2.2","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:rockwellautomation:thinmanager:11.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:11.2.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:12.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.1.0:*:*:*:*:*:*:*","cpe:2.3:a:rockwellautomation:thinmanager:13.2.0:*:*:*:*:*:*:*"],"vendor":"rockwellautomation","product":"thinmanager","versions":[{"status":"affected","version":"11.1.0","lessThan":"11.1.8","versionType":"custom"},{"status":"affected","version":"11.2.0","lessThan":"11.2.9","versionType":"custom"},{"status":"affected","version":"12.0.0","lessThan":"12.0.7","versionType":"custom"},{"status":"affected","version":"12.1.0","lessThan":"12.1.8","versionType":"custom"},{"status":"affected","version":"13.0.0","lessThan":"13.0.4","versionType":"custom"},{"status":"affected","version":"13.1.0","lessThan":"13.1.2","versionType":"custom"},{"status":"affected","version":"13.2.0","lessThan":"13.2.2","versionType":"custom"}],"defaultStatus":"unknown"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-27T20:42:59.534Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:25:03.287Z"},"title":"CVE Program Container","references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html","tags":["x_transferred"]}]}]}}