Description

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability.  Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed.  A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.

Related CPE's

a

rockwellautomation

thinmanager_thinserver

7

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471

Permissions Required

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471

Permissions Required

Weaknesses

[email protected]

Secondary
CWE-20

[email protected]

Primary
CWE-22

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-17T14:15:09.790Z

2 years ago

Last modified

2024-11-21T06:59:34.000Z

1 year ago