
CISA Warns of Critical Vulnerabilities in Rockwell Automation’s FactoryTalk ThinManager

CISA has issued an alert on critical vulnerabilities in Rockwell Automation's FactoryTalk ThinManager, requiring immediate attention to protect industrial systems.

November 4, 2024 · 2 min read

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on newly disclosed vulnerabilities in Rockwell Automation FactoryTalk ThinManager. The advisory, designated ICSA-24-305-01, describes serious security risks for users of the software. With a CVSS v4 score of 9.3, these vulnerabilities demand immediate attention from security teams responsible for industrial control systems.

The vulnerabilities identified in Rockwell Automation’s FactoryTalk ThinManager include “Missing Authentication for Critical Function” and “Out-of-Bounds Read.” These issues can allow remote attackers to manipulate databases or cause denial-of-service conditions.

Successful exploitation of these vulnerabilities could allow an attacker with network access to send specially crafted messages to FactoryTalk ThinManager devices, with consequences that include unauthorized database modifications and service disruption.

Technical Details

Several versions of Rockwell Automation’s FactoryTalk ThinManager have been identified as vulnerable, including versions 11.2.0 to 11.2.9, 12.0.0 to 12.0.7, 12.1.0 to 12.1.8, 13.0.0 to 13.0.5, 13.1.0 to 13.1.3, 13.2.0 to 13.2.2, and version 14.0.0.
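The affected-version list above is easy to misread by hand, so here is an added example (not code from CISA, Rockwell Automation or the advisory) that checks an inventory of ThinManager installs against those exact ranges. Hostnames and version strings in the sample inventory are constructed; a result of `None` means only "not in a listed range", since the advisory text here names no fixed build.

```python
import re

# Affected ranges as listed in ICSA-24-305-01 (both ends inclusive).
AFFECTED_RANGES = [
    ("11.2.0", "11.2.9"),
    ("12.0.0", "12.0.7"),
    ("12.1.0", "12.1.8"),
    ("13.0.0", "13.0.5"),
    ("13.1.0", "13.1.3"),
    ("13.2.0", "13.2.2"),
    ("14.0.0", "14.0.0"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Turn 'major.minor.patch' into a comparable int tuple; reject anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def affected_range(version):
    """Return the advisory range (low, high) that contains `version`, else None.
    None only means the version is not in a *listed* range; it does not prove
    the install is patched, since the advisory text here names no fixed build."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= v <= parse_version(high):
            return (low, high)
    return None

def triage_inventory(inventory):
    """inventory: {host: version string}. Returns hosts needing follow-up."""
    hits = {}
    for host, version in inventory.items():
        try:
            rng = affected_range(version)
        except ValueError:
            # Unparseable versions are flagged for manual review, not silently dropped.
            hits[host] = ("unparsed", version)
            continue
        if rng is not None:
            hits[host] = rng
    return hits

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {"tm-plant1": "13.1.2", "tm-plant2": "12.0.8",
                    "tm-lab": "14.0.0", "tm-old": "11.2.9", "tm-unknown": "13.x"}
```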

The first critical vulnerability, CVE-2024-10386, is categorized as “Missing Authentication for Critical Function” (CWE-306) and assigned a CVSS v3.1 base score of 9.8. This flaw allows network-accessible attackers to send crafted messages to FactoryTalk ThinManager, which could potentially result in database manipulation.

The second vulnerability, CVE-2024-10387, relates to an “Out-of-Bounds Read” (CWE-125) and poses a denial-of-service risk. It enables attackers with network access to send crafted messages that could disrupt FactoryTalk ThinManager’s operations. This vulnerability carries a CVSS v3.1 base score of 7.5 and a CVSS v4 score of 8.7, indicating a serious security concern.


Rockwell Automation has acknowledged these vulnerabilities. FactoryTalk ThinManager is deployed globally and used across critical infrastructure sectors, particularly manufacturing, so the potential impact is significant. To address the risk, Rockwell Automation has made patches available for the affected versions on the FactoryTalk ThinManager download site and urges users to apply them without delay.

Additionally, users are advised to harden the network by restricting TCP port 2031 so that only devices that genuinely need to communicate with ThinManager can reach it. Following Rockwell Automation's security best-practice guidelines for industrial automation control systems is also encouraged to minimize risk.
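To verify that the port 2031 restriction actually holds, a defender can audit firewall or flow logs for TCP/2031 connections from sources outside the approved set. The following is an added example, not code from CISA or Rockwell Automation; the allowlist networks, log format and sample log lines are all constructed for illustration.

```python
import ipaddress
import re

THINMANAGER_PORT = 2031

# Constructed allowlist: the only sources that legitimately need TCP/2031
# to the ThinManager server (a thin-client VLAN plus one admin host).
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.20.30.0/24"),
    ipaddress.ip_network("10.0.0.5/32"),
]

# Constructed key=value log format, loosely modelled on common firewall output.
_LINE_RE = re.compile(
    r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)"
)

def parse_line(line):
    """Extract src, dst, proto and dport from one log line; None if it doesn't match."""
    m = _LINE_RE.search(line)
    if not m:
        return None
    return {"src": m["src"], "dst": m["dst"],
            "proto": m["proto"].lower(), "dport": int(m["dport"])}

def is_allowed(src):
    """True if the source address falls inside one of the allowlisted networks."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)

def unexpected_thinmanager_clients(lines):
    """Distinct source IPs that reached TCP/2031 from outside the allowlist."""
    offenders = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != "tcp" or rec["dport"] != THINMANAGER_PORT:
            continue  # unparseable, non-TCP, or not ThinManager traffic
        if not is_allowed(rec["src"]):
            offenders.add(rec["src"])
    return sorted(offenders)

# Constructed sample log lines (addresses and timestamps are made up).
SAMPLE_LOG = [
    "2024-11-04T10:00:01 ACCEPT src=10.20.30.15 dst=10.20.30.2 proto=TCP dport=2031",
    "2024-11-04T10:00:02 ACCEPT src=10.0.0.5 dst=10.20.30.2 proto=TCP dport=2031",
    "2024-11-04T10:00:03 ACCEPT src=192.168.77.9 dst=10.20.30.2 proto=TCP dport=2031",
    "2024-11-04T10:00:04 ACCEPT src=192.168.77.9 dst=10.20.30.2 proto=TCP dport=443",
    "2024-11-04T10:00:05 ACCEPT src=10.20.30.15 dst=10.20.30.2 proto=UDP dport=2031",
    "garbage line that does not parse",
]
```

Any address the audit returns is either a missing firewall rule or a device that should be added to the allowlist after review.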

Recommendations from CISA

The Cybersecurity and Infrastructure Security Agency (CISA) recommends several defensive measures:

  1. Minimize network exposure for all control system devices, ensuring they are not accessible from the internet.
  2. Isolate control system networks and remote devices behind firewalls.
  3. Use secure methods for remote access, such as Virtual Private Networks (VPNs), while recognizing that the VPNs themselves must be kept up to date.
  4. Perform comprehensive impact analysis and risk assessment before implementing defensive measures.
  5. Regularly review and apply security advisories from credible sources.

Conclusion

CISA encourages organizations to report any suspected malicious activity so that it can be tracked and correlated with other incidents. At the time of the advisory, no known public exploitation specifically targeting these vulnerabilities had been reported.

Given the high severity of the vulnerabilities associated with Rockwell Automation’s FactoryTalk ThinManager, organizations must prioritize addressing these issues to maintain security within their industrial environments.

By adhering to recommended practices and implementing available patches, companies can reduce the risk of exploitation and protect their critical infrastructure.

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-24-305-01
