On October 31, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory detailing serious vulnerabilities affecting Rockwell Automation's FactoryTalk ThinManager. These issues are particularly troubling due to the product's relevance in critical manufacturing and its global deployment.
Executive Summary of Vulnerabilities
- Vendor: Rockwell Automation
- Equipment: FactoryTalk ThinManager
- CVSS v4 Rating: 9.3 (high severity)
- Main Vulnerabilities:
  - Missing Authentication for Critical Function — CVE-2024-10386
  - Out-of-Bounds Read — CVE-2024-10387
Risk Evaluation
The implications of exploiting these vulnerabilities are dire. Attackers with network access could send specially crafted messages to the device, leading to database manipulation or even a denial-of-service (DoS) condition. This could disrupt operations, causing both financial and productivity losses.
Technical Details
Affected Products
The following versions of the FactoryTalk ThinManager are vulnerable:
- Versions 11.2.0 to 11.2.9
- Versions 12.0.0 to 12.0.7
- Versions 12.1.0 to 12.1.8
- Versions 13.0.0 to 13.0.5
- Versions 13.1.0 to 13.1.3
- Versions 13.2.0 to 13.2.2
- Version 14.0.0
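The version list above is easy to misread when checked by hand (plain string comparison would, for example, rank 12.0.10 below 12.0.7). The following script is an added example, not code from the CISA advisory or from Rockwell Automation: it encodes the advisory's affected ranges, compares installed version strings numerically, and triages a constructed inventory so that affected hosts that are also internet-exposed surface first, in line with the advisory's guidance to minimise internet exposure. The host names, versions and the `internet_exposed` field are made-up sample data. Note that a version outside the listed ranges is merely "not listed as affected" here; the script makes no claim that such builds are safe or supported.

```python
"""
Added example (not from the CISA advisory or Rockwell Automation): check whether
an installed FactoryTalk ThinManager version falls inside one of the affected
ranges listed in the advisory, and triage a constructed inventory of hosts.
"""
from __future__ import annotations

# Affected ranges as listed in the advisory, inclusive on both ends.
AFFECTED_RANGES = [
    ("11.2.0", "11.2.9"),
    ("12.0.0", "12.0.7"),
    ("12.1.0", "12.1.8"),
    ("13.0.0", "13.0.5"),
    ("13.1.0", "13.1.3"),
    ("13.2.0", "13.2.2"),
    ("14.0.0", "14.0.0"),
]


def parse_version(text: str) -> tuple[int, ...]:
    """Turn 'major.minor.patch' into an integer tuple so comparisons are numeric.

    String comparison would wrongly rank '12.0.10' below '12.0.7'; tuples of
    ints compare field by field. Missing trailing fields are treated as 0, so
    '13.1' and '13.1.0' compare as equal.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * max(0, 3 - len(nums))


def is_affected(version: str) -> bool:
    """True if the version lies inside any listed (first, last) range, inclusive.

    False only means 'not in the advisory's list'; it is not a statement that
    the build is patched or supported.
    """
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def triage(inventory: list[dict]) -> list[dict]:
    """Return only the hosts running a listed version, ordered by exposure.

    Each inventory record is {'host': str, 'version': str, 'internet_exposed': bool}.
    Internet-exposed hosts sort first because the advisory's mitigation guidance
    stresses minimising internet exposure; those should be patched or isolated
    before the rest.
    """
    hits = [rec for rec in inventory if is_affected(rec["version"])]
    return sorted(hits, key=lambda r: (not r["internet_exposed"], r["host"]))


# Constructed sample inventory for demonstration only; the host names,
# versions and exposure flags are made up and do not come from the advisory.
SAMPLE_INVENTORY = [
    {"host": "tm-plant-a", "version": "13.2.1", "internet_exposed": False},
    {"host": "tm-plant-b", "version": "12.0.10", "internet_exposed": False},  # above the 12.0.x range
    {"host": "tm-dmz", "version": "14.0.0", "internet_exposed": True},
    {"host": "tm-lab", "version": "11.1.4", "internet_exposed": False},  # below the first listed range
]

if __name__ == "__main__":
    for rec in triage(SAMPLE_INVENTORY):
        flag = "INTERNET-EXPOSED" if rec["internet_exposed"] else "internal"
        print(f"{rec['host']:<12} {rec['version']:<8} listed as affected ({flag})")
```

Running the script prints the two affected sample hosts with the internet-exposed one first. To use it against a real estate, replace `SAMPLE_INVENTORY` with records pulled from your asset inventory; the version string should be whatever the ThinManager installation reports, and the exposure flag whatever your network documentation says about reachability from untrusted networks.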
- Missing Authentication for Critical Function (CWE-306)
This vulnerability permits unauthorized users to manipulate databases, potentially compromising sensitive data. CVE-2024-10386 has a CVSS v3.1 base score of 9.8, indicating its seriousness.
- Out-of-Bounds Read (CWE-125)
This vulnerability can be exploited to induce a DoS condition. CVE-2024-10387 has been rated with a CVSS v3.1 score of 7.5, also signifying a high risk.
Background and Reporting
These vulnerabilities were identified and reported to Rockwell Automation by Tenable Network Security. The implications are significant, especially considering the widespread use of FactoryTalk products in critical manufacturing sectors globally.
Mitigation Strategies
Rockwell Automation has released fixes for these vulnerabilities, which are available on their FactoryTalk ThinManager download site. Users are strongly advised to implement the following defenses:
- Network Hardening: Limit ThinManager communications to only those devices that require a connection.
- Security Best Practices: Apply guidelines provided by Rockwell Automation to reduce overall risk.
- Minimize the internet exposure of control system devices.
- Use firewalls to isolate control system networks from business networks.
- Employ secure remote access methods, like Virtual Private Networks (VPNs), while ensuring these are up to date.
Impact on Users
Organizations using the affected versions of FactoryTalk ThinManager should prioritize applying the appropriate patches. In addition to updating systems, conducting a full impact analysis and risk assessment will help safeguard against these vulnerabilities.
In conclusion, as the digital landscape evolves, being proactive about cybersecurity is essential. Therefore, it's vital for users of Rockwell Automation products, especially those in critical manufacturing infrastructures, to stay informed and ahead of potential threats.
For further reading and updates, CISA’s full advisory can be viewed here.
Source: CISA Rockwell Automation FactoryTalk ThinManager