all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities

Add to bookmarks
March 21, 2023, 11:55 a.m. | Nick Miles

Tenable Research Advisories www.tenable.com

Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities


There are multiple vulnerabilities in Rockwell Automation ThinManager ThinServer.exe.


Affected Versions:

  • 6.x - 10.x

  • 11.0.0 - 11.0.5

  • 11.1.0 - 11.1.5

  • 11.2.0 - 11.2.6

  • 12.0.0 - 12.0.4

  • 12.1.0 - 12.1.5

  • 13.0.0 - 13.0.1

CVE-2023-27855 - ThinManager ThinServer Path Traversal Upload


(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


A client message sent to a synchronization thread in ThinServer.exe has the following structure:



// be = big endian
struct header
{
   be16 type;  // msg type
   be16 flags; // msg flags
               // 0x0001 …

11.2 automation client cve cvss message path path traversal rockwell automation synchronization vulnerabilities

Visit resource

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities an hour ago | www.tenable.com
app application exploitation management +9
Karros Technologies Authentication Bypass an hour ago | www.tenable.com
authentication authentication bypass bypass technologies
Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 2 days, 1 hour ago | www.tenable.com
avalanche big buffer buffer overflow +12
Path Traversal Affecting Multiple CData Products 2 weeks ago | www.tenable.com
application attachment cookie date +14
LG LED Assistant v2.1.65 Multiple Vulnerabilities 3 weeks ago | www.tenable.com
assistant led vulnerabilities
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month ago | www.tenable.com
arcserve data data protection protection +1
Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 1 week ago | www.tenable.com
analytics azure azure synapse caching +8
Showdownjs Denial of Service 1 month, 3 weeks ago | www.tenable.com
can command concept conditions +17
Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months ago | www.tenable.com
accesstoken admin adobe authentication +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Information Security Manager & ISSO

@ Federal Reserve System | Minneapolis, MN
View on infosec-jobs.com

Forensic Lead

@ Arete | Hyderabad
View on infosec-jobs.com

Lead Security Risk Analyst (GRC)

@ Justworks, Inc. | New York City
View on infosec-jobs.com

Consultant Senior en Gestion de Crise Cyber et Continuité d’Activité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com
View more jobs