cvelistv5 - cve-2023-27855

▼	URL	Tags
	PSIRT@rockwellautomation.com	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640	Permissions Required, Vendor Advisory

▼	Vendor	Product
	Rockwell Automation	ThinManager ThinServer

icsa-23-080-06

Vulnerability from csaf_cisa

Published

2023-03-31 19:07

Modified

2023-03-31 19:07

Summary

Rockwell Automation ThinManager

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow an attacker to potentially perform remote code execution on the target or crash the software.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

Recommended Practices

When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "James Swann"
        ],
        "organization": "Rockwell Automation",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to potentially perform remote code execution on the target or crash the software.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-23-080-06 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-080-06.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-23-080-06 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-06"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ics/Recommended-Practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://cisa.gov/ics"
      }
    ],
    "title": "Rockwell Automation ThinManager",
    "tracking": {
      "current_release_date": "2023-03-31T19:07:05.264096Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-23-080-06",
      "initial_release_date": "2023-03-31T19:07:05.264096Z",
      "revision_history": [
        {
          "date": "2023-03-31T19:07:05.264096Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "CSAF Creation Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 6.x | \u003c= 10.x",
                "product": {
                  "name": "ThinManager ThinServer: Versions 6.x - 10.x",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "ThinManager ThinServer"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 11.0.0 | \u003c= 11.0.5",
                "product": {
                  "name": "ThinManager ThinServer: Versions 11.0.0 - 11.0.5",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "ThinManager ThinServer"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 11.1.0 | \u003c= 11.1.5",
                "product": {
                  "name": "ThinManager ThinServer: Versions 11.1.0 - 11.1.5",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "ThinManager ThinServer"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 11.2.0 | \u003c= 11.2.6",
                "product": {
                  "name": "ThinManager ThinServer: Versions 11.2.0 - 11.2.6",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "ThinManager ThinServer"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 12.0.0 | \u003c= 12.0.4",
                "product": {
                  "name": "ThinManager ThinServer: Versions 12.0.0 - 12.0.4",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "ThinManager ThinServer"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 12.1.0 | \u003c= 12.1.5",
                "product": {
                  "name": "ThinManager ThinServer: Versions 12.1.0 - 12.1.5",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "ThinManager ThinServer"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 13.0.0 | \u003c= 13.0.1",
                "product": {
                  "name": "ThinManager ThinServer: Versions 13.0.0 - 13.0.1",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "ThinManager ThinServer"
          }
        ],
        "category": "vendor",
        "name": "Rockwell Automation "
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-27855",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In affected versions, a path traversal exists when processing a message. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker can overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution. CVE-2023-27855 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27855"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Rockwell Automation customers are directed towards the risk mitigations provided below, and are encouraged, when possible, to combine these mitigations with the general security guidelines to employ multiple strategies simultaneously.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Rockwell Automation has released the following updates for the affected versions:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 6.x - 10.x: These versions are retired. Please update to supported version.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 11.0.0 - 11.0.5: Update to v11.0.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 11.1.0 - 11.1.5: Update to v11.1.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 11.2.0 - 11.2.6: Update to v11.2.7",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 12.0.0 - 12.0.4: Update to v12.0.5",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 12.1.0 - 12.1.5: Update to v12.1.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 13.0.0 - 13.0.1: Update to v13.0.2",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "If customers are unable to update to the patched version, the following mitigations should be put in place:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Limiting remote access to TCP port 2031 to known thin clients and ThinManager servers would limit some access to exploit this vulnerability.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For additional security best practices, please see Rockwell Automation\u2019s Knowledgebase article, QA43240 Security Best Practices, to maintain the security posture of your environment.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2023-27856",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In affected versions, a path traversal exists when processing a message of type 8. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed. CVE-2023-27856 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27856"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Rockwell Automation customers are directed towards the risk mitigations provided below, and are encouraged, when possible, to combine these mitigations with the general security guidelines to employ multiple strategies simultaneously.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Rockwell Automation has released the following updates for the affected versions:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 6.x - 10.x: These versions are retired. Please update to supported version.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 11.0.0 - 11.0.5: Update to v11.0.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 11.1.0 - 11.1.5: Update to v11.1.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 11.2.0 - 11.2.6: Update to v11.2.7",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 12.0.0 - 12.0.4: Update to v12.0.5",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 12.1.0 - 12.1.5: Update to v12.1.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 13.0.0 - 13.0.1: Update to v13.0.2",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "If customers are unable to update to the patched version, the following mitigations should be put in place:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Limiting remote access to TCP port 2031 to known thin clients and ThinManager servers would limit some access to exploit this vulnerability.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For additional security best practices, please see Rockwell Automation\u2019s Knowledgebase article, QA43240 Security Best Practices, to maintain the security posture of your environment.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2023-27857",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation. CVE-2023-27857 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27857"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Rockwell Automation customers are directed towards the risk mitigations provided below, and are encouraged, when possible, to combine these mitigations with the general security guidelines to employ multiple strategies simultaneously.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Rockwell Automation has released the following updates for the affected versions:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 6.x - 10.x: These versions are retired. Please update to supported version.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 11.0.0 - 11.0.5: Update to v11.0.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 11.1.0 - 11.1.5: Update to v11.1.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 11.2.0 - 11.2.6: Update to v11.2.7",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 12.0.0 - 12.0.4: Update to v12.0.5",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 12.1.0 - 12.1.5: Update to v12.1.6",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Versions 13.0.0 - 13.0.1: Update to v13.0.2",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "If customers are unable to update to the patched version, the following mitigations should be put in place:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Limiting remote access to TCP port 2031 to known thin clients and ThinManager servers would limit some access to exploit this vulnerability.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For additional security best practices, please see Rockwell Automation\u2019s Knowledgebase article, QA43240 Security Best Practices, to maintain the security posture of your environment.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ]
    }
  ]
}

gsd-2023-27855

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.

Aliases

CVE-2023-27855

Aliases

CVE-2023-27855

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-27855",
    "id": "GSD-2023-27855"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-27855"
      ],
      "details": "In affected versions, a path traversal exists when processing a message in Rockwell Automation\u0027s ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.",
      "id": "GSD-2023-27855",
      "modified": "2023-12-13T01:20:55.862946Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT@rockwellautomation.com",
        "ID": "CVE-2023-27855",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ThinManager ThinServer",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "6.x - 10.x"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "11.0.0 - 11.0.5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "11.1.0 - 11.1.5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "11.2.0 - 11.2.6"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.0.0 - 12.0.4"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.1.0 - 12.1.5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "13.0.0 - 13.0.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Rockwell Automation"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Security researchers from Tenable reported this to Rockwell Automation."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In affected versions, a path traversal exists when processing a message in Rockwell Automation\u0027s ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-22",
                "lang": "eng",
                "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640",
            "refsource": "MISC",
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "\nCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.0.2",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.0.5",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.1.5",
                "versionStartIncluding": "11.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.2.6",
                "versionStartIncluding": "11.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.0.4",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.5",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:13.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT@rockwellautomation.com",
          "ID": "CVE-2023-27855"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In affected versions, a path traversal exists when processing a message in Rockwell Automation\u0027s ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-03-24T20:34Z",
      "publishedDate": "2023-03-22T00:15Z"
    }
  }
}

ghsa-pp6m-q8hc-23jj

Vulnerability from github

Published

2023-03-22 00:30

Modified

2023-03-24 21:30

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

A path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-27855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-22T00:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A path traversal exists when processing a message in Rockwell Automation\u0027s ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.",
  "id": "GHSA-pp6m-q8hc-23jj",
  "modified": "2023-03-24T21:30:53Z",
  "published": "2023-03-22T00:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27855"
    },
    {
      "type": "WEB",
      "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-27855

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2023-27855

Vulnerability from cvelistv5

icsa-23-080-06

Vulnerability from csaf_cisa

gsd-2023-27855

Vulnerability from gsd

ghsa-pp6m-q8hc-23jj

Vulnerability from github

Tags

Sightings

Nomenclature