CVE-2024-10387
Published: 25 October 2024
Summary
CVE-2024-10387 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Rockwell Automation ThinManager. Its CVSS base score is 8.7 (High).
Operationally, it ranks in the top 8.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-10387 is a denial-of-service vulnerability affecting an unspecified product, classified under CWE-125 as an out-of-bounds read condition. The flaw allows device behavior to be manipulated remotely through network messages. Its CVSS 4.0 score of 8.7 is driven by a network attack vector, low attack complexity, and high availability impact, with no authentication or user interaction required.
An unauthenticated attacker with network access can send crafted messages to the device, producing a denial-of-service state that disrupts availability while leaving confidentiality and integrity unaffected.
The referenced Rockwell Automation security advisory SD1708 provides official mitigation guidance for affected installations. The associated EPSS score has remained flat at 0.0623, with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-33078
Vulnerability details
CVE-2024-10387 - IMPACT: A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service.
Related Threats
No named actor attribution yet; ATT&CK technique mapping for this CVE is in progress.
Mitigating Controls
No mitigating controls mapped yet.