OTPulse

Rockwell Automation ThinManager

Monitor
CVSS 6.8 · ICS-CERT ICSA-24-256-25 · Sep 12, 2024
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: Required
Summary

ThinManager versions 13.1.0–13.1.2 and 13.2.0–13.2.1 contain a vulnerability (CWE-610, CVSS 6.8) that could allow remote code execution when a high-privilege user (administrator or engineer) performs a specific action. This affects the integrity and availability of ThinManager's control over HMI displays and terminal management across connected devices.

What this means
What could happen
An attacker with high privileges on a ThinManager terminal could execute arbitrary code on the device, potentially controlling connected HMI displays, operator workstations, and dependent industrial equipment across your facility.
Who's at risk
Water utilities and electric utilities operating ThinManager terminals for HMI display management and operator workstations should prioritize this patch. Any facility relying on ThinManager for remote terminal management or centralized display control is affected, particularly those running versions 13.1.0–13.1.2 or 13.2.0–13.2.1.
How it could be exploited
An attacker with administrative or high-privilege credentials on ThinManager could trigger remote code execution through a malicious input or crafted request. The attack requires user interaction (likely an administrator performing an action) but does not require authentication bypass—it leverages existing elevated access.
Prerequisites
  • High-privilege account credentials on ThinManager (administrative or engineering role)
  • Network access to ThinManager device on port 80/443 or management interface
  • User interaction: administrator must perform a specific action or click a crafted link while logged in
  • Remotely exploitable
  • High-privilege access required (reduces immediate risk)
  • User interaction required
  • Affects HMI and operator terminal control systems
Exploitability
Moderate exploit probability (EPSS 3.1%)
Affected products (2), 2 with fix

Product                           Affected Versions       Fix Status
ThinManager: >=V13.1.0|<13.1.2    ≥ V13.1.0 | <13.1.2     13.1.3
ThinManager: >=V13.2.0|<13.2.1    ≥ V13.2.0 | <13.2.1     13.1.3
Remediation & Mitigation
Do now
  • HARDENING: Restrict ThinManager network access to authorized engineering workstations and terminals only; block internet-facing access and isolate from business networks
  • HARDENING: If remote access to ThinManager is required, enforce VPN with MFA and limit to specific trusted IP addresses or engineering staff
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update ThinManager v13.1.X to version 13.1.3 or later
  • HOTFIX: Update ThinManager v13.2.X to version 13.2.2 or later
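As an added example (not part of the OTPulse advisory and not Rockwell tooling), the following Python check flags inventory entries that fall inside the affected version ranges, so a site can see which ThinManager hosts need which hotfix. It takes the inclusive ranges from the summary above (13.1.0–13.1.2 and 13.2.0–13.2.1) and the fixed releases from the hotfix entries (13.1.3 and 13.2.2); the hostnames and versions in the inventory are constructed sample data.

```python
"""Triage ThinManager hosts against the ICSA-24-256-25 affected ranges.

Ranges follow the advisory summary (inclusive 13.1.0-13.1.2 and
13.2.0-13.2.1); fixed releases follow the hotfix entries (13.1.3, 13.2.2).
The inventory at the bottom is constructed sample data, not output from a
real deployment.
"""

from dataclasses import dataclass
from typing import Optional

Version = tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Accept 'V13.1.2', 'v13.1.2' or '13.1.2' and return (13, 1, 2)."""
    stripped = text.strip().lstrip("Vv")
    parts = stripped.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised ThinManager version: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


@dataclass(frozen=True)
class AffectedRange:
    first: Version  # first affected release (inclusive)
    last: Version   # last affected release (inclusive)
    fixed: Version  # release that closes the issue

    def contains(self, v: Version) -> bool:
        # Tuple comparison is lexicographic, so (13, 1, 2) < (13, 2, 0).
        return self.first <= v <= self.last


# Ranges as stated in the advisory summary and hotfix entries.
ICSA_24_256_25 = [
    AffectedRange((13, 1, 0), (13, 1, 2), (13, 1, 3)),
    AffectedRange((13, 2, 0), (13, 2, 1), (13, 2, 2)),
]


def required_fix(version: str) -> Optional[str]:
    """Return the release to upgrade to if `version` is affected, else None.

    None means "not inside a range listed by this advisory", not "safe":
    releases outside 13.1.x/13.2.x are simply not covered here.
    """
    v = parse_version(version)
    for rng in ICSA_24_256_25:
        if rng.contains(v):
            return "%d.%d.%d" % rng.fixed
    return None


# Constructed inventory: (hostname, reported version). Hostnames are placeholders.
SAMPLE_INVENTORY = [
    ("tm-plant-a", "V13.1.2"),
    ("tm-plant-b", "13.2.0"),
    ("tm-plant-c", "V13.2.2"),
    ("tm-lab", "V12.1.0"),
]


def triage(inventory):
    """Map each host to the fix it needs; hosts outside the ranges map to None."""
    return {host: required_fix(ver) for host, ver in inventory}


if __name__ == "__main__":
    for host, fix in triage(SAMPLE_INVENTORY).items():
        status = f"upgrade to {fix}" if fix else "not in an affected range"
        print(f"{host:12s} {status}")
```

Feed `triage()` the (host, version) pairs from your own asset inventory; anything mapped to a fix string goes on the maintenance-window list above. Because the advisory's table and summary use different boundary notation, the ranges here follow the summary, so adjust `ICSA_24_256_25` if your source of truth reads the table differently.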