gsd-2023-27855
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-27855",
"id": "GSD-2023-27855"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-27855"
],
"details": "In affected versions, a path traversal exists when processing a message in Rockwell Automation\u0027s ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.",
"id": "GSD-2023-27855",
"modified": "2023-12-13T01:20:55.862946Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@rockwellautomation.com",
"ID": "CVE-2023-27855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinManager ThinServer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.x - 10.x"
},
{
"version_affected": "=",
"version_value": "11.0.0 - 11.0.5"
},
{
"version_affected": "=",
"version_value": "11.1.0 - 11.1.5"
},
{
"version_affected": "=",
"version_value": "11.2.0 - 11.2.6"
},
{
"version_affected": "=",
"version_value": "12.0.0 - 12.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0 - 12.1.5"
},
{
"version_affected": "=",
"version_value": "13.0.0 - 13.0.1"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Security researchers from Tenable reported this to Rockwell Automation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In affected versions, a path traversal exists when processing a message in Rockwell Automation\u0027s ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-22",
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640",
"refsource": "MISC",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
]
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\n"
}
],
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.0.2",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.0.5",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.1.5",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.2.6",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.0.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:thinmanager:13.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@rockwellautomation.com",
"ID": "CVE-2023-27855"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In affected versions, a path traversal exists when processing a message in Rockwell Automation\u0027s ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-03-24T20:34Z",
"publishedDate": "2023-03-22T00:15Z"
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.