Exploit Alert: Rockwell Automation’s ThinManager Vulnerability Sparks Security Concerns!
Beware of digital mischief! Rockwell Automation’s ThinManager is vulnerable to server-side request forgery, which could expose ThinServer’s NTLM hash. Versions 13.0 through 14.0 are affected. Upgrade to version 14.1 or later for a safer cyberspace experience. View CSAF for more information.
Hot Take:
Rockwell Automation just discovered that their ThinManager software was so thin on security that it let hackers slip through the cracks with a low-calorie Server-Side Request Forgery (SSRF) vulnerability. It’s a little like leaving the front door open while you’re out jogging and then wondering why all your cookies are gone. But fear not, they’ve swiftly patched things up, so you can now enjoy your cookies in peace—once you’ve upgraded to version 14.1, of course.
Key Points:
– Rockwell Automation’s ThinManager software has a Server-Side Request Forgery (SSRF) vulnerability.
– Versions 13.0 through 14.0 of ThinManager are affected.
– The vulnerability allows exposure of ThinServer service account NTLM hash.
– Rockwell Automation has released a patch with version 14.1.
– CISA provides several mitigation strategies to protect against this vulnerability.