CVE-2024-5990 | Vulnerability Database | Aqua Security

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.

Affected Software

Name	Vendor	Start Version	End Version
Thinmanager	Rockwellautomation	11.1.0 (including)	11.1.8 (excluding)
Thinmanager	Rockwellautomation	11.2.0 (including)	11.2.9 (excluding)
Thinmanager	Rockwellautomation	12.0.0 (including)	12.0.7 (excluding)
Thinmanager	Rockwellautomation	12.1.0 (including)	12.1.8 (excluding)
Thinmanager	Rockwellautomation	13.0.0 (including)	13.0.4 (excluding)
Thinmanager	Rockwellautomation	13.1.0 (including)	13.1.2 (excluding)
Thinserver	Rockwellautomation	11.1.0 (including)	11.1.8 (excluding)
Thinserver	Rockwellautomation	11.2.0 (including)	11.2.9 (excluding)
Thinserver	Rockwellautomation	12.0.0 (including)	12.0.7 (excluding)
Thinserver	Rockwellautomation	12.1.0 (including)	12.1.8 (excluding)
Thinserver	Rockwellautomation	13.0.0 (including)	13.0.4 (excluding)
Thinserver	Rockwellautomation	13.1.0 (including)	13.1.2 (excluding)

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1677.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-5990
CWE	https://cwe.mitre.org/data/definitions/.html