Rockwell Automation ThinManager
16 CVEs affecting Rockwell Automation ThinManager. Latest disclosed: 2025-09-09. Critical: 4, High: 10.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-10386 | Critical | 9.8 | 2024-10-25 | An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to se… |
| CVE-2024-5989 | Critical | 9.8 | 2024-06-25 | Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote c… |
| CVE-2024-5988 | Critical | 9.8 | 2024-06-25 | Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote cod… |
| CVE-2023-27855 | Critical | 9.8 | 2023-03-22 | In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker co… |
| CVE-2025-9065 | High | 8.8 | 2025-09-09 | A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attac… |
| CVE-2022-38742 | High | 8.1 | 2022-09-23 | Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafte… |
| CVE-2025-3617 | High | 7.8 | 2025-04-15 | A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder caus… |
| CVE-2024-10387 | High | 7.5 | 2024-10-25 | A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to… |
| CVE-2024-7986 | High | 7.5 | 2024-08-23 | A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can expl… |
| CVE-2024-5990 | High | 7.5 | 2024-06-25 | Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ an… |
| CVE-2023-2913 | High | 7.5 | 2023-07-18 | An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disa… |
| CVE-2023-2443 | High | 7.5 | 2023-05-11 | Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potenti… |
| CVE-2023-27857 | High | 7.5 | 2023-03-22 | In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in R… |
| CVE-2023-27856 | High | 7.5 | 2023-03-22 | In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remo… |
| CVE-2024-45826 | Medium | 6.8 | 2024-09-12 | Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a craft… |
| CVE-2025-3618 | Medium | 5.5 | 2025-04-15 | A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while… |