Cyber Resilience

CVE-2024-7988

Critical

Published: 26 August 2024

Published
26 August 2024
Modified
21 October 2025
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.2030 95.7th percentile
Risk Priority 31 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-7988 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Rockwellautomation Thinmanager Thinserver. Its CVSS base score is 9.3 (Critical).

Operationally, ranked in the top 4.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

A remote code execution vulnerability exists in Rockwell Automation ThinManager ThinServer due to improper data input validation that permits arbitrary file overwrites. Tracked as CVE-2024-7988 and assigned CWE-20, the flaw affects the ThinServer component and received a CVSS 4.0 score of 9.3 reflecting network-accessible attack vectors with no prerequisites for authentication or user interaction.

An unauthenticated remote attacker can exploit the weakness to overwrite files and thereby execute arbitrary code with system-level privileges on the affected server.

The vendor has published mitigation guidance in security advisory SD1692, which is available at the Rockwell Automation trust center URL. The CVE shows an EPSS score of 0.2030 at both current and peak values.

EU & UK References

Vulnerability details

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to…

more

be overwritten.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

rockwellautomation
thinmanager thinserver
11.1.0 — 11.1.8 · 11.2.0 — 11.2.9 · 12.0.0 — 12.0.7

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-20

Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.

addresses: CWE-20

Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.

addresses: CWE-20

Directly implements checks on information inputs to reject invalid data before processing.

addresses: CWE-20

Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.

References