Rockwellautomation Thinmanager — known CVE vulnerabilities
Every CVE whose affected-product data names Rockwellautomation Thinmanager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2024-10386 — CVSS 9.8 (critical): CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with…
CVE-2023-27855 — CVSS 9.8 (critical): In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated…
CVE-2024-5989 — CVSS 9.8 (critical): Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program…
CVE-2024-5988 — CVSS 9.8 (critical): Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable…
CVE-2025-9065 — CVSS 8.8 (high): A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input…
CVE-2022-38742 — CVSS 8.1 (high): Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a…
CVE-2025-3617 — CVSS 7.8 (high): A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the…
CVE-2024-10387 — CVSS 7.5 (high): CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with…
CVE-2023-27857 — CVSS 7.5 (high): In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the…
CVE-2023-27856 — CVSS 7.5 (high): In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An…
CVE-2024-5990 — CVSS 7.5 (high): Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell…
CVE-2024-7986 — CVSS 7.5 (high): A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A…
CVE-2023-2443 — CVSS 7.5 (high): Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious…
CVE-2023-2913 — CVSS 7.5 (high): An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings…
CVE-2024-45826 — CVSS 6.8 (medium): CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the…
CVE-2025-3618 — CVSS 5.5 (medium): A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of…