all InfoSec news
Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities
March 21, 2023, 11:55 a.m. | Nick Miles
Tenable Research Advisories www.tenable.com
There are multiple vulnerabilities in Rockwell Automation ThinManager ThinServer.exe.
Affected Versions:
- 6.x - 10.x
- 11.0.0 - 11.0.5
- 11.1.0 - 11.1.5
- 11.2.0 - 11.2.6
- 12.0.0 - 12.0.4
- 12.1.0 - 12.1.5
- 13.0.0 - 13.0.1
CVE-2023-27855 - ThinManager ThinServer Path Traversal Upload
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
A client message sent to a synchronization thread in ThinServer.exe has the following structure:
// be = big endian
struct header
{
be16 type; // msg type
be16 flags; // msg flags
// 0x0001 …
11.2 automation client cve cvss message path path traversal rockwell automation synchronization vulnerabilities
More from www.tenable.com / Tenable Research Advisories
Fluent Bit Memory Corruption Vulnerability
2 weeks, 1 day ago |
www.tenable.com
Cross-Site Scripting in WordPress RSS Aggregator Plugin
2 weeks, 5 days ago |
www.tenable.com
Solidus Stored Cross-Site Scripting
2 weeks, 5 days ago |
www.tenable.com
Delta Electronics DIAEnergie CEBC.exe Multiple Vulnerabilities
3 weeks, 5 days ago |
www.tenable.com
Approach.App Multiple Vulnerabilities
1 month, 1 week ago |
www.tenable.com
Path Traversal Affecting Multiple CData Products
1 month, 3 weeks ago |
www.tenable.com
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC