Description

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability.  Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed.  A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.

Related CPE's

a

rockwellautomation

thinmanager_thinserver

7

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471

Permissions Required

Weaknesses

[email protected]

Primary
CWE-22

[email protected]

Secondary
CWE-20

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-17T16:15:09.790

11 months ago

Last modified

2023-08-23T15:56:46.197

11 months ago