Search criteria
18 vulnerabilities found for ThinManager ThinServer by Rockwell Automation
VAR-202209-1831
Vulnerability from variot - Updated: 2024-06-14 23:08Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution. Rockwell Automation Provided by the company ThinManager ThinServer is a thin client and RDP (( Remote Desktop Protocol ) server management software. ThinManager ThinServer The following vulnerabilities exist in. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of HTTPS traffic. When parsing a URI, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-1831",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.0.0"
},
{
"model": "thinmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.0.0"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "11.2.0 to 11.2.5 to"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "12.0.0 to 12.0.2 to"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "11.1.0 to 11.1.4 to"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "12.1.0 to 12.1.3 to"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "11.0.0 to 11.0.4 to"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinmanager",
"scope": null,
"trust": 0.7,
"vendor": "rockwell automation",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
}
],
"trust": 0.7
},
"cve": "CVE-2022-38742",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38742",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-38742",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-38742",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2022-38742",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2022-38742",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-2416",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution. Rockwell Automation Provided by the company ThinManager ThinServer is a thin client and RDP (( Remote Desktop Protocol ) server management software. ThinManager ThinServer The following vulnerabilities exist in. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of HTTPS traffic. When parsing a URI, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web service",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "VULHUB",
"id": "VHN-434516"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38742",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-22-270-03",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU93951878",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-17482",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1302",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2416",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-434516",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "VULHUB",
"id": "VHN-434516"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"id": "VAR-202209-1831",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-434516"
}
],
"trust": 0.01
},
"last_update_date": "2024-06-14T23:08:39.872000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "File\u00a0Parsing\u00a0XML\u00a0Entity\u00a0in\u00a0Multiple\u00a0Products (Login required) Rockwell\u00a0Automation",
"trust": 0.8,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1134596"
},
{
"title": "Rockwell Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-270-03"
},
{
"title": "Rockwell Automation ThinManager Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209163"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-434516"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847"
},
{
"trust": 1.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-270-03"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93951878/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38742"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-270-03"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38742/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "VULHUB",
"id": "VHN-434516"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"db": "VULHUB",
"id": "VHN-434516"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
},
{
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-28T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"date": "2022-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-434516"
},
{
"date": "2022-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"date": "2022-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2416"
},
{
"date": "2022-09-23T16:15:11.570000",
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-28T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1302"
},
{
"date": "2022-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-434516"
},
{
"date": "2024-06-13T02:16:00",
"db": "JVNDB",
"id": "JVNDB-2022-002435"
},
{
"date": "2022-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2416"
},
{
"date": "2022-09-26T22:20:15.477000",
"db": "NVD",
"id": "CVE-2022-38742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 Made \u00a0ThinManager\u00a0ThinServer\u00a0 Heap-based buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002435"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2416"
}
],
"trust": 0.6
}
}
VAR-202308-2775
Vulnerability from variot - Updated: 2024-01-24 22:35The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities. Rockwell Automation of ThinManager ThinServer Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from the American company Rockwell Automation. Allows thin clients to be assigned to multiple remote desktop servers simultaneously
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2775",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinmanager thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.0"
},
{
"model": "thinmanager thinserver",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.7"
},
{
"model": "thinmanager thinserver",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.5"
},
{
"model": "thinmanager thinserver",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.6"
},
{
"model": "thinmanager thinserver",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.0.2"
},
{
"model": "thinmanager thinserver",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.6"
},
{
"model": "thinmanager thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.1.0"
},
{
"model": "thinmanager thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.0.0"
},
{
"model": "thinmanager thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.1.0"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "13.1.0"
},
{
"model": "thinmanager thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.2.0"
},
{
"model": "thinmanager thinserver",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "11.0.6"
},
{
"model": "thinmanager thinserver",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "12.0.0"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "12.0.0 to 12.0.5"
},
{
"model": "thinmanager thinserver",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.1.0"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "11.2.0 to 11.2.7"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "11.1.0 to 11.1.6"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "13.0.0 to 13.0.2"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "12.1.0 to 12.1.6"
},
{
"model": "thinmanager thinserver",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "11.0.0 to 11.0.6"
},
{
"model": "automation thinmanager",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64278"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022453"
},
{
"db": "NVD",
"id": "CVE-2023-2917"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager_thinserver:13.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager_thinserver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0.2",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager_thinserver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.0.5",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager_thinserver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.6",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager_thinserver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.1.6",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager_thinserver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.0.6",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager_thinserver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.2.7",
"versionStartIncluding": "11.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-2917"
}
]
},
"cve": "CVE-2023-2917",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-64278",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-2917",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-2917",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2023-2917",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2023-64278",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64278"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022453"
},
{
"db": "NVD",
"id": "CVE-2023-2917"
},
{
"db": "NVD",
"id": "CVE-2023-2917"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. \u00a0\u00a0Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. \u00a0A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities. Rockwell Automation of ThinManager ThinServer Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from the American company Rockwell Automation. Allows thin clients to be assigned to multiple remote desktop servers simultaneously",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-2917"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022453"
},
{
"db": "CNVD",
"id": "CNVD-2023-64278"
},
{
"db": "VULMON",
"id": "CVE-2023-2917"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-2917",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU94607426",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-234-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022453",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-64278",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-2917",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64278"
},
{
"db": "VULMON",
"id": "CVE-2023-2917"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022453"
},
{
"db": "NVD",
"id": "CVE-2023-2917"
}
]
},
"id": "VAR-202308-2775",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64278"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64278"
}
]
},
"last_update_date": "2024-01-24T22:35:40.285000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation ThinManager Path Traversal Vulnerability (CNVD-2023-64278)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/452511"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64278"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022453"
},
{
"db": "NVD",
"id": "CVE-2023-2917"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2917"
},
{
"trust": 1.1,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94607426/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-03"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64278"
},
{
"db": "VULMON",
"id": "CVE-2023-2917"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022453"
},
{
"db": "NVD",
"id": "CVE-2023-2917"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-64278"
},
{
"db": "VULMON",
"id": "CVE-2023-2917"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022453"
},
{
"db": "NVD",
"id": "CVE-2023-2917"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64278"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-2917"
},
{
"date": "2024-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-022453"
},
{
"date": "2023-08-17T16:15:09.790000",
"db": "NVD",
"id": "CVE-2023-2917"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64278"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-2917"
},
{
"date": "2024-01-23T04:07:00",
"db": "JVNDB",
"id": "JVNDB-2023-022453"
},
{
"date": "2023-08-23T15:56:46.197000",
"db": "NVD",
"id": "CVE-2023-2917"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0ThinManager\u00a0ThinServer\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022453"
}
],
"trust": 0.8
}
}
CVE-2023-2917 (GCVE-0-2023-2917)
Vulnerability from cvelistv5 – Published: 2023-08-17 15:10 – Updated: 2024-10-08 16:56
VLAI?
Title
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
Summary
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.
Severity ?
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
11.0.0 - 11.2.6
Affected: 11.1.0 - 11.1.6 Affected: 11.2.0 - 11.2.7 Affected: 12.0.0 - 12.0.5 Affected: 12.1.0 - 12.1.6 Affected: 13.0.0 - 13.0.2 Affected: 13.1.0 |
Credits
This vulnerability was reported to Rockwell Automation by Tenable Network Security.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager_thinserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager_thinserver",
"vendor": "rockwellautomation",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.2.6"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.6"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.7"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.5"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.6"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T16:49:50.493475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T16:56:43.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.2.6"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.6"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.7"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.5"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.6"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability was reported to Rockwell Automation by Tenable Network Security."
}
],
"datePublic": "2023-08-17T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability.\u0026nbsp;\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. \u0026nbsp;A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.\u003c/span\u003e\n\n "
}
],
"value": "The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability.\u00a0\u00a0Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. \u00a0A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.\n\n "
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T15:10:08.696Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eUpdate to the corrected software versions.\u003c/li\u003e\u003cli\u003eLimit remote access for TCP Port 2031 to known thin clients and ThinManager servers.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\n * Update to the corrected software versions.\n * Limit remote access for TCP Port 2031 to known thin clients and ThinManager servers.\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-2917",
"datePublished": "2023-08-17T15:10:08.696Z",
"dateReserved": "2023-05-26T13:57:12.308Z",
"dateUpdated": "2024-10-08T16:56:43.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2915 (GCVE-0-2023-2915)
Vulnerability from cvelistv5 – Published: 2023-08-17 15:05 – Updated: 2024-10-08 17:01
VLAI?
Title
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
Summary
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
11.0.0 - 11.2.6
Affected: 11.1.0 - 11.1.6 Affected: 11.2.0 - 11.2.7 Affected: 12.0.0 - 12.0.5 Affected: 12.1.0 - 12.1.6 Affected: 13.0.0 - 13.0.2 Affected: 13.1.0 |
Credits
This vulnerability was reported to Rockwell Automation by Tenable Network Security.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager_thinserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager_thinserver",
"vendor": "rockwellautomation",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.2.6"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.6"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.7"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.5"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.6"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T16:58:47.679391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:01:54.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.2.6"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.6"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.7"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.5"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.6"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability was reported to Rockwell Automation by Tenable Network Security."
}
],
"datePublic": "2023-08-17T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition. "
}
],
"value": "The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition. "
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T15:05:52.368Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eUpdate to the corrected software versions.\u003c/li\u003e\u003cli\u003eLimit remote access for TCP Port 2031 to known thin clients and ThinManager servers.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\n * Update to the corrected software versions.\n * Limit remote access for TCP Port 2031 to known thin clients and ThinManager servers.\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-2915",
"datePublished": "2023-08-17T15:05:52.368Z",
"dateReserved": "2023-05-26T13:45:57.862Z",
"dateUpdated": "2024-10-08T17:01:54.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2914 (GCVE-0-2023-2914)
Vulnerability from cvelistv5 – Published: 2023-08-17 15:01 – Updated: 2024-10-08 17:08
VLAI?
Title
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy
Summary
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
11.0.0 - 11.2.6
Affected: 11.1.0 - 11.1.6 Affected: 11.2.0 - 11.2.7 Affected: 12.0.0 - 12.0.5 Affected: 12.1.0 - 12.1.6 Affected: 13.0.0 - 13.0.2 Affected: 13.1.0 |
Credits
This vulnerability was reported to Rockwell Automation by Tenable Network Security.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager_thinserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager_thinserver",
"vendor": "rockwellautomation",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.2.6"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.6"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.7"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.5"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.6"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:05:51.847648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:08:30.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.2.6"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.6"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.7"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.5"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.6"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability was reported to Rockwell Automation by Tenable Network Security."
}
],
"datePublic": "2023-08-17T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software. "
}
],
"value": "The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software. "
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T15:03:27.110Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eUpdate to the corrected software versions.\u003c/li\u003e\u003cli\u003eLimit remote access for TCP Port 2031 to known thin clients and ThinManager servers.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\n * Update to the corrected software versions.\n * Limit remote access for TCP Port 2031 to known thin clients and ThinManager servers.\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-2914",
"datePublished": "2023-08-17T15:01:25.994Z",
"dateReserved": "2023-05-26T13:23:41.377Z",
"dateUpdated": "2024-10-08T17:08:30.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2913 (GCVE-0-2023-2913)
Vulnerability from cvelistv5 – Published: 2023-07-18 19:52 – Updated: 2025-03-05 18:48
VLAI?
Title
Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability
Summary
An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server’s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.
Severity ?
7.5 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
13.0.0 - 13.0.2
Affected: 13.1.0 |
Credits
Sven Krewitt from Flashpoint.io reported this vulnerability to Rockwell Automation
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140160"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:38:36.636854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:48:42.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sven Krewitt from Flashpoint.io reported this vulnerability to Rockwell Automation"
}
],
"datePublic": "2023-07-18T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server\u2019s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.\u003c/span\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nAn executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server\u2019s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 API Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T19:55:22.920Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140160"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\u003cul\u003e\u003cli\u003eUpdate to the corrected software versions\u003c/li\u003e\u003c/ul\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n * Update to the corrected software versions\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-2913",
"datePublished": "2023-07-18T19:52:45.214Z",
"dateReserved": "2023-05-26T13:21:35.457Z",
"dateUpdated": "2025-03-05T18:48:42.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27857 (GCVE-0-2023-27857)
Vulnerability from cvelistv5 – Published: 2023-03-22 00:00 – Updated: 2024-10-21 16:02
VLAI?
Title
Rockwell Automation ThinManager ThinServer Heap-Based Buffer Overflow
Summary
In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field
in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.
Severity ?
7.5 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
6.x - 10.x
Affected: 11.0.0 - 11.0.5 Affected: 11.1.0 - 11.1.5 Affected: 11.2.0 - 11.2.6 Affected: 12.0.0 - 12.0.4 Affected: 12.1.0 - 12.1.5 Affected: 13.0.0 - 13.0.1 |
Credits
Security researchers from Tenable reported this to Rockwell Automation.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:29.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:29:05.068697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:02:48.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "6.x - 10.x"
},
{
"status": "affected",
"version": "11.0.0 - 11.0.5"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.5"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.6"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.4"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.5"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Security researchers from Tenable reported this to Rockwell Automation."
}
],
"datePublic": "2023-03-21T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field\u003c/span\u003e\n\n\u003c/span\u003e\n\n in Rockwell Automation\u0027s ThinManager ThinServer.\u0026nbsp;\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.\u003c/span\u003e\n\n\n\n \n\n"
}
],
"value": "\n In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field\n\n\n\n in Rockwell Automation\u0027s ThinManager ThinServer.\u00a0\u00a0An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.\n\n\n\n \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T11:50:33.577Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager ThinServer Heap-Based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-27857",
"datePublished": "2023-03-22T00:00:18.344Z",
"dateReserved": "2023-03-06T18:21:21.067Z",
"dateUpdated": "2024-10-21T16:02:48.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27856 (GCVE-0-2023-27856)
Vulnerability from cvelistv5 – Published: 2023-03-21 23:55 – Updated: 2025-02-25 21:22
VLAI?
Title
Rockwell Automation ThinManager ThinServer Path Traversal Download
Summary
In affected versions, path traversal exists when processing a message of type 8
in Rockwell Automation's ThinManager ThinServer.
An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
6.x - 10.x
Affected: 11.0.0 - 11.0.5 Affected: 11.1.0 - 11.1.5 Affected: 11.2.0 - 11.2.6 Affected: 12.0.0 - 12.0.4 Affected: 12.1.0 - 12.1.5 Affected: 13.0.0 - 13.0.1 |
Credits
Security researchers from Tenable reported this to Rockwell Automation.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T21:21:55.655746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T21:22:03.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "6.x - 10.x"
},
{
"status": "affected",
"version": "11.0.0 - 11.0.5"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.5"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.6"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.4"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.5"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Security researchers from Tenable reported this to Rockwell Automation."
}
],
"datePublic": "2023-03-21T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn affected versions, path traversal exists when processing a message of type 8\u003c/span\u003e\n\n in Rockwell Automation\u0027s ThinManager ThinServer. \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.\u003c/span\u003e\n\n \u003c/span\u003e\n\n"
}
],
"value": "\n\n\nIn affected versions, path traversal exists when processing a message of type 8\n\n in Rockwell Automation\u0027s ThinManager ThinServer. \n\nAn unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.\n\n \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-22T00:02:03.568Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager ThinServer Path Traversal Download",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-27856",
"datePublished": "2023-03-21T23:55:23.665Z",
"dateReserved": "2023-03-06T18:21:21.067Z",
"dateUpdated": "2025-02-25T21:22:03.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27855 (GCVE-0-2023-27855)
Vulnerability from cvelistv5 – Published: 2023-03-21 23:48 – Updated: 2025-02-25 20:21
VLAI?
Title
Rockwell Automation ThinManager ThinServer Path Traversal Upload
Summary
In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.
Severity ?
9.8 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
6.x - 10.x
Affected: 11.0.0 - 11.0.5 Affected: 11.1.0 - 11.1.5 Affected: 11.2.0 - 11.2.6 Affected: 12.0.0 - 12.0.4 Affected: 12.1.0 - 12.1.5 Affected: 13.0.0 - 13.0.1 |
Credits
Security researchers from Tenable reported this to Rockwell Automation.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:29.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T20:20:33.569069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T20:21:14.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "6.x - 10.x"
},
{
"status": "affected",
"version": "11.0.0 - 11.0.5"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.5"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.6"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.4"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.5"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Security researchers from Tenable reported this to Rockwell Automation."
}
],
"datePublic": "2023-03-21T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn affected versions, a path traversal exists when processing a message in Rockwell Automation\u0027s ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution. \u003c/span\u003e\n\n"
}
],
"value": "\nIn affected versions, a path traversal exists when processing a message in Rockwell Automation\u0027s ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution. \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-22T00:01:41.197Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager ThinServer Path Traversal Upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-27855",
"datePublished": "2023-03-21T23:48:11.750Z",
"dateReserved": "2023-03-06T18:21:21.067Z",
"dateUpdated": "2025-02-25T20:21:14.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38742 (GCVE-0-2022-38742)
Vulnerability from cvelistv5 – Published: 2022-09-23 15:24 – Updated: 2025-05-22 18:22
VLAI?
Title
Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack
Summary
Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
11.0.0 , ≤ 13.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T18:22:09.518015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:22:27.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "13.0.0",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T15:24:18.000Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@rockwellautomation.com",
"DATE_PUBLIC": "2022-09-22T15:15:00.000Z",
"ID": "CVE-2022-38742",
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinManager ThinServer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "11.0.0",
"version_value": "13.0.0"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "13.0.0",
"status": "affected",
"version": "11.0.0",
"versionType": "Major"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The affected product is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. This could expose the server to arbitrary remote code execution.\u003cbr\u003e"
}
],
"value": "The affected product is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. This could expose the server to arbitrary remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"cveId": "CVE-2022-38742",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847",
"refsource": "MISC",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2022-38742",
"datePublished": "2022-09-23T15:24:18.224Z",
"dateReserved": "2022-08-24T00:00:00.000Z",
"dateUpdated": "2025-05-22T18:22:27.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2917 (GCVE-0-2023-2917)
Vulnerability from nvd – Published: 2023-08-17 15:10 – Updated: 2024-10-08 16:56
VLAI?
Title
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
Summary
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.
Severity ?
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
11.0.0 - 11.2.6
Affected: 11.1.0 - 11.1.6 Affected: 11.2.0 - 11.2.7 Affected: 12.0.0 - 12.0.5 Affected: 12.1.0 - 12.1.6 Affected: 13.0.0 - 13.0.2 Affected: 13.1.0 |
Credits
This vulnerability was reported to Rockwell Automation by Tenable Network Security.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager_thinserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager_thinserver",
"vendor": "rockwellautomation",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.2.6"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.6"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.7"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.5"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.6"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T16:49:50.493475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T16:56:43.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.2.6"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.6"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.7"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.5"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.6"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability was reported to Rockwell Automation by Tenable Network Security."
}
],
"datePublic": "2023-08-17T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability.\u0026nbsp;\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. \u0026nbsp;A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.\u003c/span\u003e\n\n "
}
],
"value": "The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability.\u00a0\u00a0Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. \u00a0A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.\n\n "
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T15:10:08.696Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eUpdate to the corrected software versions.\u003c/li\u003e\u003cli\u003eLimit remote access for TCP Port 2031 to known thin clients and ThinManager servers.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\n * Update to the corrected software versions.\n * Limit remote access for TCP Port 2031 to known thin clients and ThinManager servers.\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-2917",
"datePublished": "2023-08-17T15:10:08.696Z",
"dateReserved": "2023-05-26T13:57:12.308Z",
"dateUpdated": "2024-10-08T16:56:43.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2915 (GCVE-0-2023-2915)
Vulnerability from nvd – Published: 2023-08-17 15:05 – Updated: 2024-10-08 17:01
VLAI?
Title
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability
Summary
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
11.0.0 - 11.2.6
Affected: 11.1.0 - 11.1.6 Affected: 11.2.0 - 11.2.7 Affected: 12.0.0 - 12.0.5 Affected: 12.1.0 - 12.1.6 Affected: 13.0.0 - 13.0.2 Affected: 13.1.0 |
Credits
This vulnerability was reported to Rockwell Automation by Tenable Network Security.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager_thinserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager_thinserver",
"vendor": "rockwellautomation",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.2.6"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.6"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.7"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.5"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.6"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T16:58:47.679391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:01:54.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.2.6"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.6"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.7"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.5"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.6"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability was reported to Rockwell Automation by Tenable Network Security."
}
],
"datePublic": "2023-08-17T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition. "
}
],
"value": "The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition. "
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T15:05:52.368Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eUpdate to the corrected software versions.\u003c/li\u003e\u003cli\u003eLimit remote access for TCP Port 2031 to known thin clients and ThinManager servers.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\n * Update to the corrected software versions.\n * Limit remote access for TCP Port 2031 to known thin clients and ThinManager servers.\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-2915",
"datePublished": "2023-08-17T15:05:52.368Z",
"dateReserved": "2023-05-26T13:45:57.862Z",
"dateUpdated": "2024-10-08T17:01:54.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2914 (GCVE-0-2023-2914)
Vulnerability from nvd – Published: 2023-08-17 15:01 – Updated: 2024-10-08 17:08
VLAI?
Title
Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy
Summary
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
11.0.0 - 11.2.6
Affected: 11.1.0 - 11.1.6 Affected: 11.2.0 - 11.2.7 Affected: 12.0.0 - 12.0.5 Affected: 12.1.0 - 12.1.6 Affected: 13.0.0 - 13.0.2 Affected: 13.1.0 |
Credits
This vulnerability was reported to Rockwell Automation by Tenable Network Security.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:thinmanager_thinserver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinmanager_thinserver",
"vendor": "rockwellautomation",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.2.6"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.6"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.7"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.5"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.6"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:05:51.847648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:08:30.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "11.0.0 - 11.2.6"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.6"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.7"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.5"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.6"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability was reported to Rockwell Automation by Tenable Network Security."
}
],
"datePublic": "2023-08-17T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software. "
}
],
"value": "The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software. "
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T15:03:27.110Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eUpdate to the corrected software versions.\u003c/li\u003e\u003cli\u003eLimit remote access for TCP Port 2031 to known thin clients and ThinManager servers.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\n * Update to the corrected software versions.\n * Limit remote access for TCP Port 2031 to known thin clients and ThinManager servers.\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-2914",
"datePublished": "2023-08-17T15:01:25.994Z",
"dateReserved": "2023-05-26T13:23:41.377Z",
"dateUpdated": "2024-10-08T17:08:30.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2913 (GCVE-0-2023-2913)
Vulnerability from nvd – Published: 2023-07-18 19:52 – Updated: 2025-03-05 18:48
VLAI?
Title
Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability
Summary
An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server’s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.
Severity ?
7.5 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
13.0.0 - 13.0.2
Affected: 13.1.0 |
Credits
Sven Krewitt from Flashpoint.io reported this vulnerability to Rockwell Automation
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140160"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:38:36.636854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:48:42.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "13.0.0 - 13.0.2"
},
{
"status": "affected",
"version": "13.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sven Krewitt from Flashpoint.io reported this vulnerability to Rockwell Automation"
}
],
"datePublic": "2023-07-18T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server\u2019s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.\u003c/span\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nAn executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server\u2019s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 API Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T19:55:22.920Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140160"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\u003cul\u003e\u003cli\u003eUpdate to the corrected software versions\u003c/li\u003e\u003c/ul\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n * Update to the corrected software versions\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-2913",
"datePublished": "2023-07-18T19:52:45.214Z",
"dateReserved": "2023-05-26T13:21:35.457Z",
"dateUpdated": "2025-03-05T18:48:42.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27857 (GCVE-0-2023-27857)
Vulnerability from nvd – Published: 2023-03-22 00:00 – Updated: 2024-10-21 16:02
VLAI?
Title
Rockwell Automation ThinManager ThinServer Heap-Based Buffer Overflow
Summary
In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field
in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.
Severity ?
7.5 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
6.x - 10.x
Affected: 11.0.0 - 11.0.5 Affected: 11.1.0 - 11.1.5 Affected: 11.2.0 - 11.2.6 Affected: 12.0.0 - 12.0.4 Affected: 12.1.0 - 12.1.5 Affected: 13.0.0 - 13.0.1 |
Credits
Security researchers from Tenable reported this to Rockwell Automation.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:29.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:29:05.068697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:02:48.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "6.x - 10.x"
},
{
"status": "affected",
"version": "11.0.0 - 11.0.5"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.5"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.6"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.4"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.5"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Security researchers from Tenable reported this to Rockwell Automation."
}
],
"datePublic": "2023-03-21T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field\u003c/span\u003e\n\n\u003c/span\u003e\n\n in Rockwell Automation\u0027s ThinManager ThinServer.\u0026nbsp;\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.\u003c/span\u003e\n\n\n\n \n\n"
}
],
"value": "\n In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field\n\n\n\n in Rockwell Automation\u0027s ThinManager ThinServer.\u00a0\u00a0An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.\n\n\n\n \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T11:50:33.577Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager ThinServer Heap-Based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-27857",
"datePublished": "2023-03-22T00:00:18.344Z",
"dateReserved": "2023-03-06T18:21:21.067Z",
"dateUpdated": "2024-10-21T16:02:48.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27856 (GCVE-0-2023-27856)
Vulnerability from nvd – Published: 2023-03-21 23:55 – Updated: 2025-02-25 21:22
VLAI?
Title
Rockwell Automation ThinManager ThinServer Path Traversal Download
Summary
In affected versions, path traversal exists when processing a message of type 8
in Rockwell Automation's ThinManager ThinServer.
An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
6.x - 10.x
Affected: 11.0.0 - 11.0.5 Affected: 11.1.0 - 11.1.5 Affected: 11.2.0 - 11.2.6 Affected: 12.0.0 - 12.0.4 Affected: 12.1.0 - 12.1.5 Affected: 13.0.0 - 13.0.1 |
Credits
Security researchers from Tenable reported this to Rockwell Automation.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T21:21:55.655746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T21:22:03.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "6.x - 10.x"
},
{
"status": "affected",
"version": "11.0.0 - 11.0.5"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.5"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.6"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.4"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.5"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Security researchers from Tenable reported this to Rockwell Automation."
}
],
"datePublic": "2023-03-21T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn affected versions, path traversal exists when processing a message of type 8\u003c/span\u003e\n\n in Rockwell Automation\u0027s ThinManager ThinServer. \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.\u003c/span\u003e\n\n \u003c/span\u003e\n\n"
}
],
"value": "\n\n\nIn affected versions, path traversal exists when processing a message of type 8\n\n in Rockwell Automation\u0027s ThinManager ThinServer. \n\nAn unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.\n\n \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-22T00:02:03.568Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager ThinServer Path Traversal Download",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-27856",
"datePublished": "2023-03-21T23:55:23.665Z",
"dateReserved": "2023-03-06T18:21:21.067Z",
"dateUpdated": "2025-02-25T21:22:03.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27855 (GCVE-0-2023-27855)
Vulnerability from nvd – Published: 2023-03-21 23:48 – Updated: 2025-02-25 20:21
VLAI?
Title
Rockwell Automation ThinManager ThinServer Path Traversal Upload
Summary
In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.
Severity ?
9.8 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
6.x - 10.x
Affected: 11.0.0 - 11.0.5 Affected: 11.1.0 - 11.1.5 Affected: 11.2.0 - 11.2.6 Affected: 12.0.0 - 12.0.4 Affected: 12.1.0 - 12.1.5 Affected: 13.0.0 - 13.0.1 |
Credits
Security researchers from Tenable reported this to Rockwell Automation.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:29.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T20:20:33.569069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T20:21:14.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "6.x - 10.x"
},
{
"status": "affected",
"version": "11.0.0 - 11.0.5"
},
{
"status": "affected",
"version": "11.1.0 - 11.1.5"
},
{
"status": "affected",
"version": "11.2.0 - 11.2.6"
},
{
"status": "affected",
"version": "12.0.0 - 12.0.4"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.5"
},
{
"status": "affected",
"version": "13.0.0 - 13.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Security researchers from Tenable reported this to Rockwell Automation."
}
],
"datePublic": "2023-03-21T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn affected versions, a path traversal exists when processing a message in Rockwell Automation\u0027s ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution. \u003c/span\u003e\n\n"
}
],
"value": "\nIn affected versions, a path traversal exists when processing a message in Rockwell Automation\u0027s ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution. \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-22T00:01:41.197Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager ThinServer Path Traversal Upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-27855",
"datePublished": "2023-03-21T23:48:11.750Z",
"dateReserved": "2023-03-06T18:21:21.067Z",
"dateUpdated": "2025-02-25T20:21:14.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38742 (GCVE-0-2022-38742)
Vulnerability from nvd – Published: 2022-09-23 15:24 – Updated: 2025-05-22 18:22
VLAI?
Title
Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack
Summary
Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | ThinManager ThinServer |
Affected:
11.0.0 , ≤ 13.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T18:22:09.518015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:22:27.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "13.0.0",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T15:24:18.000Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@rockwellautomation.com",
"DATE_PUBLIC": "2022-09-22T15:15:00.000Z",
"ID": "CVE-2022-38742",
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinManager ThinServer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "11.0.0",
"version_value": "13.0.0"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager ThinServer",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "13.0.0",
"status": "affected",
"version": "11.0.0",
"versionType": "Major"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The affected product is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. This could expose the server to arbitrary remote code execution.\u003cbr\u003e"
}
],
"value": "The affected product is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. This could expose the server to arbitrary remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"cveId": "CVE-2022-38742",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847",
"refsource": "MISC",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2022-38742",
"datePublished": "2022-09-23T15:24:18.224Z",
"dateReserved": "2022-08-24T00:00:00.000Z",
"dateUpdated": "2025-05-22T18:22:27.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}