Rockwell Automation ThinManager Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability exists in Rockwell Automation ThinManager versions 14.0.0 and 14.0.1. During startup, the software deletes files in the temporary folder, which allows the directory's Access Control Entry (ACE) to inherit permissions from the parent directory. A threat actor could exploit this behavior to gain elevated privileges.

Impact

Exploitation of this vulnerability could allow a threat actor to inherit elevated privileges on the affected system.

Remediation

Users are advised to update to ThinManager version 14.0.2 or later. Rockwell Automation also suggests implementing security best practices to minimize vulnerability risks on industrial automation control systems.
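To see whether a directory currently carries the permission condition described above, the following PowerShell audit lists inherited "allow" ACEs that give broad, non-administrative groups write-type rights. It is an added example, not code from Rockwell Automation or this advisory; the advisory does not name the temporary folder, so `$Path` is a placeholder supplied by the operator, and the set of "broad" groups is an assumption.

```powershell
param(
    # Placeholder: the advisory does not give the temporary folder's location.
    [Parameter(Mandatory)]
    [string] $Path
)

# Well-known SIDs treated as "broad" principals (assumption; extend for local policy).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Specific rights that let a principal create, change or remove content.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE and GENERIC_ALL can appear as raw values on inherited ACEs.
$genericBits = 0x40000000 -bor 0x10000000
$mask = $writeBits -bor $genericBits

$acl = Get-Acl -LiteralPath $Path
# Request explicit and inherited rules, with identities returned as SIDs.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($rule in $rules) {
    $sid = $rule.IdentityReference.Value
    $isAllow = $rule.AccessControlType -eq 'Allow'
    $hasWrite = ([int]$rule.FileSystemRights -band $mask) -ne 0
    if ($isAllow -and $rule.IsInherited -and $hasWrite -and $broadSids.ContainsKey($sid)) {
        [pscustomobject]@{
            Path      = $Path
            Principal = $broadSids[$sid]
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

# AreAccessRulesProtected is $false when the directory inherits from its parent.
"Inheritance enabled on '$Path': $(-not $acl.AreAccessRulesProtected)"
if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No inherited write-type ACEs for broad principals were found.'
}
```

A finding here shows only the ACL state of the directory that was checked; updating to 14.0.2 or later remains the remediation the advisory gives.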

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 3.5
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.