Rockwell Automation ThinManager ThinServer v13.1.0.2630 Multiple Vulnerabilities
Aug. 17, 2023, 6:33 p.m. | Nick Miles
Tenable Research Advisories www.tenable.com
CVE-2023-2917 - Message 38 (SYNC_MSG_SEND_FILE_BACKGROUND) Path Traversal File Upload
A client message sent to a synchronization thread in ThinServer.exe has the following structure:
// be = big endian
struct header
{
    be16 type;   // msg type
    be16 flags;  // msg flags
                 // 0x0001 - request
                 // 0x0002 - response
                 // 0x0020 - final msg fragment?
                 // 0x8000 - ?
    be32 len;    // msg body length
};
struct msg
{
    header hdr;
    byte data[hdr.len]; …
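For defenders inspecting captured traffic, the following added example (not code from the advisory or from Rockwell Automation) walks a reassembled byte stream using the 8-byte header above, rejects inconsistent lengths, and marks type 38 messages for review. The `MAX_BODY` cap, the dictionary keys, the flag labels and the sample bytes are assumptions made for illustration.

```python
import struct

HEADER = struct.Struct(">HHI")  # be16 type, be16 flags, be32 len
FLAG_NAMES = {
    0x0001: "request",
    0x0002: "response",
    0x0020: "final-fragment?",  # the advisory marks this meaning as uncertain
    0x8000: "unknown-0x8000",   # the advisory gives no meaning for this bit
}
SEND_FILE_BACKGROUND = 38  # SYNC_MSG_SEND_FILE_BACKGROUND, per the CVE title
MAX_BODY = 16 * 1024 * 1024  # assumed sanity cap, not taken from the advisory

class FramingError(ValueError):
    """Raised when the stream does not match the header's own length field."""

def decode_flags(flags):
    names = [name for bit, name in FLAG_NAMES.items() if flags & bit]
    leftover = flags & ~sum(FLAG_NAMES)  # bits the advisory does not list
    if leftover:
        names.append(f"undocumented-0x{leftover:04x}")
    return names

def parse_messages(stream, max_body=MAX_BODY):
    messages, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise FramingError(f"truncated header at offset {offset}")
        msg_type, flags, length = HEADER.unpack_from(stream, offset)
        body_start = offset + HEADER.size
        if length > max_body:
            raise FramingError(f"declared length {length} exceeds cap")
        if length > len(stream) - body_start:
            raise FramingError(f"body truncated at offset {body_start}")
        messages.append({
            "type": msg_type,
            "flags": decode_flags(flags),
            "body": stream[body_start:body_start + length],
            "file_upload": msg_type == SEND_FILE_BACKGROUND,
        })
        offset = body_start + length
    return messages

# Constructed sample stream: one type-38 request and one empty response.
SAMPLE = (HEADER.pack(38, 0x0021, 4) + b"\x00\x01\x02\x03"
          + HEADER.pack(38, 0x0002, 0))
```

The body is returned as raw bytes because the excerpt does not show the layout of the message 38 payload.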