CVE-2024-45826
Published: 12 September 2024
Summary
CVE-2024-45826 is a high-severity Externally Controlled Reference to a Resource in Another Sphere (CWE-610) vulnerability in Rockwell Automation ThinManager. Its CVSS base score is 8.5 (High).
Operationally, it ranks in the top 12.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-45826 is a path traversal and remote code execution vulnerability stemming from improper input validation in ThinManager when the software processes a crafted POST request. Successful exploitation allows an attacker to install an executable file on the affected system. The flaw is tracked under CWE-610 and carries a CVSS 4.0 score of 8.5.
An attacker with high privileges can send a malicious POST request over the network to trigger the issue, achieving code execution after limited user interaction. The attack requires no special attack techniques beyond crafting the request and targets the ThinManager component directly.
The vendor has published Rockwell Automation security advisory SD1700 to address the issue. The EPSS score rose from a low baseline to a peak of 0.0551 on 2025-12-11 before receding to the current value of 0.0334, indicating a temporary increase in observed exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-41620
Vulnerability details
CVE-2024-45826 IMPACT: Due to improper input validation, a path traversal and remote code execution vulnerability exists when ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Limits impact of an externally controlled reference to a primary information resource by switching to an identified alternative.