Rockwell Automation ThinManager

16 CVEs affecting Rockwell Automation ThinManager. Latest disclosed: 2025-09-09. Critical: 4, High: 10.

Top CVEs affecting Rockwell Automation ThinManager
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-10386 | Critical | 9.8 | 2024-10-25 | CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to se… |
| CVE-2024-5989 | Critical | 9.8 | 2024-06-25 | Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote c… |
| CVE-2024-5988 | Critical | 9.8 | 2024-06-25 | Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote cod… |
| CVE-2023-27855 | Critical | 9.8 | 2023-03-22 | In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker co… |
| CVE-2025-9065 | High | 8.8 | 2025-09-09 | A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attac… |
| CVE-2022-38742 | High | 8.1 | 2022-09-23 | Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafte… |
| CVE-2025-3617 | High | 7.8 | 2025-04-15 | A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder caus… |
| CVE-2024-10387 | High | 7.5 | 2024-10-25 | CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to… |
| CVE-2024-7986 | High | 7.5 | 2024-08-23 | A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can expl… |
| CVE-2024-5990 | High | 7.5 | 2024-06-25 | Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ an… |
| CVE-2023-2913 | High | 7.5 | 2023-07-18 | An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disa… |
| CVE-2023-2443 | High | 7.5 | 2023-05-11 | Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potenti… |
| CVE-2023-27857 | High | 7.5 | 2023-03-22 | In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in R… |
| CVE-2023-27856 | High | 7.5 | 2023-03-22 | In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remo… |
| CVE-2024-45826 | Medium | 6.8 | 2024-09-12 | CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a craft… |
| CVE-2025-3618 | Medium | 5.5 | 2025-04-15 | A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while… |